If you have recently implemented MFA ( Enforced mode in your tennant). I have found that there is no much information about the Dirsync Account status. As per now if you do enforce mfa the account will be affected. Hence breaking the sync as shown
In order to resolve:
You will have to exception the “Directory sync service account from the MFA policy”. The account can be found in the last screen. ( per security reasons mine is obscured
You will have to run again the sync and ensure the services are healthy.
The script to force the sync, after the exception config you should be able to run the sync with no problems.
import-module ADSync Start-ADSyncSyncCycle -PolicyType Delta