Channel: Support Portal

Re : unable to create account using different password policy than defined in resource


I'm running 8404 and there are no issues setting different password policies on individual user accounts within a resource. The resource password policy is used as the default when adding new user accounts, but you can change this before you click add, and of course you can change it once the user account is added at any time later.

That's an interesting point Ganesh brings up, but I'm not sure it was clearly defined. Ganesh, perhaps you can clarify for us please.

When resetting the password you can choose to use a unique password for each account or use the same password for all accounts. It might be nice to have this option, to set the passwords to all the same value, but it's extremely inadvisable to do this because of the security concerns. Perhaps this option should be removed to save us from shooting ourselves in the foot, but I'm happy to debate on this if someone else can cite a scenario where this might be used and outweigh the risk of using it incorrectly.

Also, I think there is a flaw in that logic, as you can choose an entirely different password policy which, unless this also reset the password policy defined on the user accounts (which it doesn't), could cause password compliance reports to show all passwords as non-compliant, which is a nightmare!

Anyway, my understanding is this: there are 3 ways of resetting passwords (I'm going to ignore forcing a common password as bad practice and one that will probably throw up lots of compliance alerts):

1. At the resource level using the More Actions button - If this uses the Resource default Password Policy then we may have compliance alerts, which is BAD

2. At the Resource Group Level - If this uses the resource group default password policy we will again get compliance alerts, which is BAD

3. At the user group - ahhh, at last sanity resurfaces :-) The password policy that is applied is the password policy in the user account. No compliance alerts.

https://clan8blog.wordpress.com/

