Synchronized identity with cloud authentication

With synchronized identity, you are essentially configuring your organization's directory objects to be replicated in Azure AD. This includes a number of properties (first and last names, email addresses, office information, manager reporting configuration, physical addresses, and phone numbers, among others). You have the option to configure this with or without password hashes.

For an exhaustive list of the attributes synchronized to Azure AD, see https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-sync-attributes-synchronized.

Password hash synchronization enables an Azure AD user to sign in with the same password as the corresponding on-premises account. If you choose to synchronize identity with password hashes (the default configuration), then a hash of the user's on-premises password is computed and synchronized to Azure AD. Authentication is then performed by Azure AD against the synchronized credential when a user attempts to access resources. To synchronize password hashes, the account specified in the Azure AD Connect setup must hold two specific Active Directory rights on the domain (Replicating Directory Changes and Replicating Directory Changes All). These rights can be delegated manually (using a tool such as the Azure Active Directory Connect Advanced Permissions tool at http://aka.ms/aadpermissions) or by making the synchronization service account a member of either Domain Admins or Enterprise Admins. While the default synchronization interval for Azure AD Connect is 30 minutes, on-premises password changes are processed and synchronized to Azure AD immediately by a separate process.
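The two replication rights above are what let the connector account read password hashes out of the directory, so it is worth knowing exactly which principals hold them and whether the sync account has both. The following PowerShell is an added example written for this section, not code from the book or from Microsoft: it audits the Allow ACEs for those two extended rights on the domain root, flags holders that are neither the expected sync account nor one of the well-known holders you list, and, on the Azure AD Connect server, reads the scheduler interval and starts a delta cycle. The account name in `$ExpectedSyncAccount`, the `$KnownHolders` list, and the function names are placeholders and assumptions to adjust for your environment; the two extended-right GUIDs are the schema-defined values for the rights named in the text.

```powershell
# Added example (not from the original book): audit who holds the replication
# rights Azure AD Connect password hash sync requires, then check the scheduler.
# Requires the RSAT ActiveDirectory module (audit) and the ADSync module
# (scheduler, only present on the Azure AD Connect server).

# Schema GUIDs of the two extended rights named in the text.
$ReplRights = @{
    '1131f6aa-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes'
    '1131f6ad-9c07-11d1-f79f-00c04fc2dcd2' = 'Replicating Directory Changes All'
}

function Test-AadConnectReplicationRights {
    param(
        # Placeholder: the AD DS connector account chosen during AAD Connect setup.
        [string]$ExpectedSyncAccount = 'CONTOSO\MSOL_sync',
        # Assumed list of principals you accept as holders; edit for your forest.
        [string[]]$KnownHolders = @(
            'NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS',
            'BUILTIN\Administrators',
            'NT AUTHORITY\SYSTEM'
        )
    )
    Import-Module ActiveDirectory

    $domain = Get-ADDomain
    $KnownHolders += "$($domain.NetBIOSName)\Domain Controllers"

    # The rights live on the domain naming context head, so read that object's ACL.
    $acl = Get-Acl -Path "AD:\$($domain.DistinguishedName)"

    $holders = $acl.Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $_.ActiveDirectoryRights.HasFlag([System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
            $ReplRights.ContainsKey($_.ObjectType.ToString())
        } |
        ForEach-Object {
            $who = $_.IdentityReference.Value
            [pscustomobject]@{
                Identity = $who
                Right    = $ReplRights[$_.ObjectType.ToString()]
                Expected = ($who -eq $ExpectedSyncAccount) -or ($KnownHolders -contains $who)
            }
        }

    $holders | Sort-Object Identity, Right | Format-Table -AutoSize

    # Password hash sync breaks if the sync account is missing either right.
    $syncRights = @($holders | Where-Object Identity -eq $ExpectedSyncAccount | ForEach-Object Right)
    $missing    = @($ReplRights.Values | Where-Object { $syncRights -notcontains $_ })
    if ($missing.Count -gt 0) {
        Write-Warning "$ExpectedSyncAccount lacks a direct grant of: $($missing -join ', ')"
    }

    # Any other holder can read password hashes from the directory: review each one.
    $unexpected = @($holders | Where-Object { -not $_.Expected })
    foreach ($u in $unexpected) {
        Write-Warning "Unexpected holder of '$($u.Right)': $($u.Identity)"
    }

    return [pscustomobject]@{
        SyncAccountHasBothRights = ($missing.Count -eq 0)
        UnexpectedHolders        = $unexpected
    }
}

function Show-AadConnectSchedule {
    # Run on the Azure AD Connect server. The interval defaults to 30 minutes;
    # password hash changes use their own channel and do not wait for this cycle.
    Import-Module ADSync
    Get-ADSyncScheduler |
        Select-Object SyncCycleEnabled, AllowedSyncCycleInterval,
                      CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC

    # Kick off an out-of-band delta cycle rather than waiting for the scheduler.
    Start-ADSyncSyncCycle -PolicyType Delta
}

# Usage:
# Test-AadConnectReplicationRights -ExpectedSyncAccount 'CONTOSO\MSOL_sync'
# Show-AadConnectSchedule
```

Two caveats on reading the output. The audit only inspects explicit ACEs on the domain head, so a sync account that received the rights indirectly (for example, by being placed in Domain Admins, which is a member of Administrators) will show as "lacks a direct grant" even though synchronization works; that is still useful to know, because the text's two delegation methods lead to different ACLs and different blast radii. And because the same rights are what any principal needs to pull password hashes from the directory, the "unexpected holder" warnings are a detection-worthy change: baseline the holder list after setup and alert when it grows.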

For a deeper understanding of how Azure AD Connect password hash synchronization works, see https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-phs.

If you choose to synchronize identity without password hashes, then all of the same account details are synchronized except the password, and users have to maintain the two passwords separately. This option is commonly configured when you plan to deploy a federation service outside of Azure AD Connect, though you are not required to do so. Authentication is then performed by Azure AD using the synchronized user identity with a cloud password (if no federated authentication has been configured), or the request is redirected to the federated identity provider (IdP) if federation has been configured.

Password hash synchronization doesn't rely on any on-premises infrastructure to validate passwords or authentication attempts. If the on-premises environment is unavailable, then users will still be able to log in to Azure AD-protected resources, since the authentication attempt is processed against the service.

With or without password hash synchronization, users are able to change their passwords independently in Office 365. If you deploy password hash synchronization, Microsoft recommends you also deploy password writeback or self-service password reset so that when a user changes their password in Office 365, it's synchronized back to the on-premises Active Directory.
