RE: Enabling "Enforce password expiration" on an account with an old password

  • Be aware that SQL Server has no mechanism that I'm aware of that can guarantee that existing passwords actually comply with the password policy.

    Any password may be entered when the password policy is off, and when you turn the password policy on, SQL Server does not (and cannot thoroughly, due to the hashing of passwords, albeit in a very primitive way) validate whether or not the prior password complied with the policy.
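An added example, not part of the original post: since existing passwords cannot be re-validated, one audit approach is to list the SQL logins whose current password was set with the policy off or before the policy was enforced, then force a change on them. `@PolicyEnforcedSince` and its date are assumptions to replace with your own cutoff, and a password set after that date on a login that had `CHECK_POLICY = OFF` at the time will not be flagged.

```sql
-- Added example: find SQL logins whose current password may never have been
-- checked against the password policy.
-- Assumption: @PolicyEnforcedSince is the date CHECK_POLICY was switched on
-- for this server; the value below is a constructed placeholder.
DECLARE @PolicyEnforcedSince datetime;
SET @PolicyEnforcedSince = '20240101';

SELECT
    l.name,
    l.is_disabled,
    l.is_policy_checked,
    l.is_expiration_checked,
    l.modify_date,            -- last ALTER LOGIN of any kind, for context
    pw.PasswordLastSet,
    CAST(LOGINPROPERTY(l.name, 'DaysUntilExpiration') AS int) AS DaysUntilExpiration,
    CASE
        WHEN l.is_policy_checked = 0
            THEN 'policy off: password never validated'
        WHEN pw.PasswordLastSet IS NULL
            THEN 'no password set time available: treat as unvalidated'
        ELSE 'password predates policy enforcement'
    END AS Finding
FROM sys.sql_logins AS l
CROSS APPLY (
    -- LOGINPROPERTY returns sql_variant, so cast before comparing dates
    SELECT CAST(LOGINPROPERTY(l.name, 'PasswordLastSetTime') AS datetime)
           AS PasswordLastSet
) AS pw
WHERE l.is_policy_checked = 0
   OR pw.PasswordLastSet IS NULL
   OR pw.PasswordLastSet < @PolicyEnforcedSince
ORDER BY pw.PasswordLastSet;

-- Remediation for a flagged login: set a temporary password and require a
-- change at next logon, so the new password is checked against the policy.
-- MUST_CHANGE requires CHECK_POLICY and CHECK_EXPIRATION to both be ON.
-- [login_name] and the password are placeholders.
-- ALTER LOGIN [login_name]
--     WITH PASSWORD = '<temporary password>' MUST_CHANGE,
--          CHECK_POLICY = ON, CHECK_EXPIRATION = ON;
```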