One of the problems we have had with running an Office 365 Hybrid installation was that we lost the ability for Mac users to change their passwords with OWA. Without full Azure AD we could not bidirectionally synchronize passwords.
In the process of setting up an RDS/RD Web (aka terminal server) I discovered an interesting feature; it had a password change portal.
This portal is attached to the local directory controllers, so it allowed users who did not have the CTRL+ALT+DEL option or domain joined computers to change their password. Even better, it still worked when the user’s password was expired.
This allowed us to force the password expiration policy to all users and reduced helpdesk calls for expired passwords almost to none.
The link is similar to your RDWeb remote access link, and will look like https://foo.bar/RDWeb/Pages/en-US/password.aspx. There may be some adjustments you will need to make if you did not enable it during inital configuration. This site may be helpful -> link.