Under each company you will find a link on the navigation bar for Password Policies. You can create multiple password policies per company and assign precedence in case any of them conflict.
To get started, click on Add New in the password policies section and populate the name, display name, description and precedence. Once you do this you will have added it to your system and can edit the details of that policy.
Next, edit the password policy and populate the details. You will notice that these are the same details that you would populate for a traditional password policy in group policy. On the last tab you will choose the security group and/or users you want to apply the policy to.
If your users have not reset their passwords for 120 days and you set a 120 day or less password policy, then their passwords will likely expire instantly because Active Directory compares it to the password last set attribute and not from the date you created the policy. This is not a CloudPanel choice and is solely related to how Active Directory handles these passwords and password policies.