This control defines the number of unique passwords a user must leverage before a previously used password can be reused. If an attacker compromises a given credential that is then expired, this control prevents the user from reusing that same compromised credential.
Solution
Make sure 'Enforce password history' is set to remember a minimum of 24 passwords.