Replacing a passcode profile with a passcode declaration on macOS requires a passcode change

We've put in a feedback assistant request, but not sure if we will get feedback in that channel or not and also want to highlight for others.

When replacing a basic passcode profile on a macOS device with a passcode declaration, the user is required to change the password after logging out and back in. Explicitly including the "ChangeAtNextAuth" key, set equal to false, still required a password change after logging out and back in. Once the declaration is active and the password has been changed, future updates to the passcode declaration do not require a password change unless the existing password is not compliant.

Steps to reproduce:

  1. Install a basic passcode profile on a macOS device
  2. Ensure the existing password matches the requirements specified in the profile
  3. Install a passcode declaration with the same settings as the passcode profile currently installed
  4. Remove the traditional passcode profile from the device
  5. After the passcode declaration is installed, check the local pwpolicy with the command pwpolicy getaccountpolicies and look for the key policyAttributePasswordRequiredTime
  6. Log out of the macOS device
  7. Log back into the macOS device and you are presented with a change password prompt

Expected result: Simply replacing an existing passcode profile with the exact same settings in a passcode declaration should not require a password change if the existing password is compliant.

Actual results: After replacing the passcode profile with a passcode declaration, a password change was required even though the existing password was compliant.

Initial testing was done with a macOS VM running 15.5. Additional testing has now been done with a macOS VM running 26.4.1 and the same behavior was observed.
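
The check in step 5 can be scripted so the key is spotted before the user logs out. This is an added example, not part of the original post or any Apple tooling; the plist layout and identifier in SAMPLE are constructed assumptions about what pwpolicy prints, and the script name check.py is hypothetical.

```python
import plistlib
import sys

ATTR = "policyAttributePasswordRequiredTime"  # key named in step 5

# Constructed sample; the layout (category -> list of policy dicts) is an
# assumption about what `pwpolicy getaccountpolicies` prints, not captured output.
SAMPLE = """Getting account policies for user <alice>

<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>policyCategoryPasswordChange</key>
  <array>
    <dict>
      <key>policyIdentifier</key>
      <string>constructed-example-identifier</string>
      <key>policyParameters</key>
      <dict>
        <key>policyAttributePasswordRequiredTime</key>
        <real>1750000000.0</real>
      </dict>
    </dict>
  </array>
</dict>
</plist>
"""

def find_required_time(pwpolicy_output):
    """Return (category, identifier, value) for each policy that sets ATTR."""
    start = pwpolicy_output.find("<?xml")
    if start == -1:
        return []  # no plist in the output, so no account policies to inspect
    policies = plistlib.loads(pwpolicy_output[start:].encode())
    hits = []
    for category, entries in policies.items():
        if not isinstance(entries, list):
            continue
        for entry in entries:
            params = entry.get("policyParameters", {}) if isinstance(entry, dict) else {}
            if ATTR in params:
                hits.append((category, entry.get("policyIdentifier"), params[ATTR]))
    return hits

if __name__ == "__main__":
    # `pwpolicy getaccountpolicies | python3 check.py -` reads real output;
    # with no argument the constructed SAMPLE is used.
    text = sys.stdin.read() if sys.argv[1:] == ["-"] else SAMPLE
    for category, ident, value in find_required_time(text):
        print(f"{category}: {ident} sets {ATTR} = {value}")
```

Running it before and after step 4 shows whether removing the profile or installing the declaration is what introduces the key.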

> want to highlight for others.

Cool.

> We've put in a feedback assistant request

What was that bug number?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@DTS Engineer FB22494634 is the Feedback assistant number in the portal.

Accepted Answer
FB22494634

Thanks! It looks like this has already found its way to the right folks and they’re treating it as… yep… a bug. I’ve no info to share as to the schedule for a fix, but you can monitor the state of the bug in Feedback Assistant.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

It’s better to reply as a reply, rather than in the comments; see Quinn’s Top Ten DevForums Tips for this and other titbits.

> is it normal to not receive any response in the feedback assistant when there are known bugs found?

Unless the folks investigating the issue need more info from you, they’ll only reach out via Feedback Assistant if and when an OS release with a fix starts seeding.

For more background on how this process works, see Bug Reporting: How and Why?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
