We have had IDM in place for a number of years now but the password sync is eDir -> AD only (one way)

We have now moved to Office 365 and we now have full AD licensing and we want the password sync to be both ways.

I have checked the server variables, and the settings match those in the documentation, I have verified all the domain controllers are ready for sync and now I just need to set up the filter.

Currently the filter set to

Publisher -> Ignore
Subscriber - Notify
Merge Authority - Default
Optimize modifications to Identity Vault -> No

Logically, I would be setting this to Sync, Sync, Vault, No and restarting the driver but this does not sync the password though there are no obvious messages in the trace

Can anyone advise what the correct settings for TWO WAY sync would be (with the last reset on either side being the password used)