Microsoft vs NCSC and NIST password guidlines

I was today years old when I learned you can't change the minimum character length for passwords in Azure AD, nor apparently can you turn off the complexity requirements. Feels like that's a retrograde step from AD DS? So much for the NCSC \[1\] and NIST \[2\] guidelines on passwords. Thanks again Microsoft.
\#microsoft #password #ux #security
\[1\] https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Donotusecomplexityrequirements *"the NCSC do not recommend the use of complexity requirements when implementing user generated passwords"*
\[2\] https://pages.nist.gov/800-63-3/sp800-63b.html#5111-memorized-secret-authenticators *"No other complexity requirements …

azure azure ad can change complexity cybersecurity guidelines length microsoft ncsc nist old password passwords requirements thanks today turn