No longer expire your passwords
The world is always changing and the password expiring value is one that recently was updated. Microsoft has updated the stance around expiring passwords: https://blogs.technet.microsoft.com/secguide/2019/05/23/security-baseline-final-for-windows-10-v1903-and-windows-server-v1903/
The short answer is, only the expiring portion of the password policy is being discussed. You way want to still expire passwords, but with technologies like Windows Hello, the world of passwords have options. Organizations should still implement many security layers. Not only requiring complex passwords, and longer passphrase values, but strategies such as:
- Secure privileged access
- Not allowing DA accounts to log onto non-DC machines
- Privileged Identity Management (PIM)
- Privileged Access Management (PAM), Just In Time Administration (JIT/JITA)
- Use Local Administrator Password Solution (LAPS)
- Just Enough Administration (JEA) process
You can also turn this value off in your O365 tenant: https://docs.microsoft.com/en-us/office365/admin/manage/set-password-expiration-policy?view=o365-worldwide This allows a broader range of what your expiring password policy can be set at. The world is constantly changing, and many options exist, even while maintaining a very secure platform.