I queried this with Microsoft support and got a response a few days later. Setting it to false is a best practice thing to reduce password resets and such. Not a technical limitation.