I just want to change our password policy to 12 characters length. And we wanted to to know who it will affect. Meaning if I have a password that is 16 length will it make me change it. I Wanted to see if there was a smart group or attribute that we can make to make sure that it won’t affect the people who have more than what is needed. Also I wanted to know if I do change the policy will it only affect new users or make everyone change it.
You didn't mention this, but password age is a good thing to cover. I recommend setting a max password age. There is not really a way to "peek" a users password for JAMF to be able to report on anything involving passwords. Being able to use CLI to "peek" a users password would be a massive security concern.
I cannot stress enough. Test, test and test again. A good thing about the password requirement configuration profile. If something breaks you can just remove the configuration profile and the account will work like normal again.