Application policies require the Security Policies Add-On package, which you can read more about here.
Application policies allow you to create specific security requirements and enable different security settings for different applications or application groups. When adding an application policy, you can restrict access to an application based on geolocation, an IP whitelist or an IP blacklist. You can also enforce MFA for specific applications, which means that users need to have at least one MFA method set up before they can access any applications with that specific application policy. It's also possible to enable "Prompt MFA" which will challenge the user with a multi-factor method every time they want to log into an application in the policy for additional security.
In the application policies, it's also possible to add password settings which adds specific password requirements for any applications that has been assigned the application policy. This includes specific minimum password length, inclusion of special characters, lower/upper case characters and even automatic password expiration after a set timeframe.
You are able to access and manage your application policies by clicking on Security -> Application Policies.