To enforce the password complexity requirement, you need to change the Static Password policy and define the complexity requirements.