Stop enforcing a maximum password length
When changing my O365 password I am told that I cannot use a password longer than 16 characters.
Many people now rely on password managers to create longer (and therefore safer) passwords which can easily be greater than 16 chars in length. Using 'passphrases' is also becoming more common which are longer yet easier to remember.
Your password policy (https://support.office.com/en-us/article/Password-policy-recommendations-for-Office-365-9fa2539a-2211-41fd-85a0-bc37b9619ca4) talks about the (real) dangers of enforcing a minimum length that is too large for users to remember, but it says nothing about why you have chosen to enforce a maximum length.
I can't think of a valid reason for this unless maybe the code is dependent on some library that expects a max length or (heaven forbid) your passwords are not being salted+hashed and the size of a db column is stopping you.
Please change this.