SM 11 is not enforcing password compliance when a user changes his/her password. Several weeks ago we went through a stressful period of forcing password resets for users whose passwords did not meet compliance. Everything seemed to be running smoothly until today when I happened to find the Password Policy Compliance report and realized that several users had reset their passwords to something that did not meet requirements. I wondered how this was possible, so I went into an account and reset a password to something that did not comply and it worked.
I have the following Password Requirements enabled: minimum password length set to 7, require a number, require a capital letter, require a lower case letter, and require the password does not match the username.
Most of the reset passwords don't meet length requirements. One user changed his to match his username (although he did use a capital letter), but no numbers.
What am I missing?