Recently one of our Admins noticed that passwords were being set which should not have been allowed with our Azure AD Password Protection settings. Looking at the DCs showed no errors. A look on the Microsoft Docs site for On-premise password protection (https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-password-ban-bad-on-premises-agent-versions) show the latest version is v1.2.125.0. The running version was v1.2.65.0.
v1.2.65.0 includes timed-limited functionality so just stops working on September 1st 2019 with no warning or errors (unless you know what event to look for in the event log). Upgraded Proxy Agent and DC Agents and all working again.
The latest version should automatically update but that functionality was only introduced in version v1.2.116.0.