In SuperOffice 8.5 R2 the password policy preference for CRM has been deprecated and moved into the password_policy table (previously only for CS). The gui to change the password policy is now only accessible for customers who have atleast one service or complete license. Customers that only have sales users now can't configure the password policy..
We can manually insert it into the database for customers without service access but that isn't a great solution...
Why was it chosen to deprecate the CRM preference and use the CS variant of the functionality that isn't accessible for all users? Seems more logical to me to move it the other way around, make CS use the password policy preference from CRM.