Does your organisation have an enforceable password policy?
Yes.
In accordance with Cyber Essentials we have a password policy for our internal team users when using our various cloud services. This includes definitions around the generation and storing of passwords, which we enforce via the 1Password application and the use of MFA wherever it is available.
Commonplace application users are subject to minimum password length and a strength indicator when creating or changing a password.