Graph ROPC Federated Account

"UsernamePasswordCredential" auth

The exception in a hybrid identity federation scenario is the following: a Home Realm Discovery policy with AllowCloudPasswordValidation set to TRUE enables the ROPC flow for federated users when the on-premises password is synced to the cloud. For more information, see Enable direct ROPC authentication of federated users for legacy applications.

PowerShell cmdlets to check the existing policy configuration on Azure AD apps:

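# Install and load AzureADPreview
Install-Module AzureADPreview
Import-Module AzureADPreview

# Sign in to the tenant before running the policy cmdlets
Connect-AzureAD

# Get all Azure AD policies
Get-AzureADPolicy

# Get the Azure AD policies assigned to a specific app
# Use the object ID of the service principal (SPN), not of the app registration
Get-AzureADServicePrincipalPolicy -Id "<Object ID>"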
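
To find which policies actually turn on AllowCloudPasswordValidation, the policy definitions can be parsed instead of read by eye. This is an added example, not code from the original page: the function name `Get-CloudPasswordValidationSetting` and the sample policy objects are constructed for illustration, shaped like `Get-AzureADPolicy` output.

```powershell
# Added example: function name and sample policies are constructed.
function Get-CloudPasswordValidationSetting {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Policy
    )
    process {
        # Only Home Realm Discovery policies carry AllowCloudPasswordValidation.
        if ($Policy.Type -ne 'HomeRealmDiscoveryPolicy') { return }
        foreach ($raw in $Policy.Definition) {
            try {
                $hrd = ($raw | ConvertFrom-Json -ErrorAction Stop).HomeRealmDiscoveryPolicy
            } catch {
                Write-Warning "Policy $($Policy.Id): definition is not valid JSON"
                continue
            }
            [pscustomobject]@{
                Id                           = $Policy.Id
                DisplayName                  = $Policy.DisplayName
                IsOrganizationDefault        = [bool]$Policy.IsOrganizationDefault
                AllowCloudPasswordValidation = ($hrd.AllowCloudPasswordValidation -eq $true)
            }
        }
    }
}

# Constructed sample input (placeholder IDs and names).
$samplePolicies = @(
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000001'; DisplayName = 'LegacyAppHrd'
        Type = 'HomeRealmDiscoveryPolicy'; IsOrganizationDefault = $false
        Definition = @('{"HomeRealmDiscoveryPolicy":{"AllowCloudPasswordValidation":true}}') },
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000002'; DisplayName = 'AutoAccelerate'
        Type = 'HomeRealmDiscoveryPolicy'; IsOrganizationDefault = $true
        Definition = @('{"HomeRealmDiscoveryPolicy":{"AccelerateToFederatedDomain":true,"PreferredDomain":"example.com"}}') },
    [pscustomobject]@{ Id = '00000000-0000-0000-0000-000000000003'; DisplayName = 'Tokens'
        Type = 'TokenLifetimePolicy'; IsOrganizationDefault = $false
        Definition = @('{"TokenLifetimePolicy":{"Version":1}}') }
)

# Keep only the policies that allow ROPC for federated users.
$samplePolicies | Get-CloudPasswordValidationSetting |
    Where-Object AllowCloudPasswordValidation | Format-Table -AutoSize

# Against a live tenant (after Connect-AzureAD):
#   Get-AzureADPolicy | Get-CloudPasswordValidationSetting
#   Get-AzureADPolicyAppliedObject -Id "<policy Id>"   # service principals the policy is assigned to
```

A policy reported with IsOrganizationDefault set to True applies tenant-wide, so it matters even when no service principal is listed for it.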
