
yearolinuxdsktp, yesterday at 11:12 PM (0 replies)

You can only avoid rotation on passwords that are MFA-protected.

If you implement a password manager, you must mandate auto-fill only and actively discourage (via training) copy/paste of credentials to a web site. Train the users to view “auto-fill not working” as a red flag. (This doesn’t apply to non-website credentials). Mandate all passwords to be auto-generated. Mandate that the only manually-entered password is the one for the password manager. Of course, you must have MFA on the password manager entry.

This will allow your users to comply with frequent password rotations much more easily. Auto-fill requirement/culture is critical to reducing phishing success, especially for tired eyes.
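Why "auto-fill not working" is a phishing signal, as an added illustration that is not the commenter's code: a password manager fills a credential only when the page's origin (scheme, host, port) exactly equals the origin it was saved on, so a lookalike domain, a sub-domain or a plain-http copy of the site gets nothing. The vault contents and hostnames below are constructed for the example.

```python
from typing import Optional
from urllib.parse import urlsplit

# Constructed vault: origin the login was saved on -> account name.
# Hypothetical data for this example only.
VAULT = {
    "https://accounts.example.com": "alice@example.com",
}

def canonical_origin(url: str) -> str:
    """Reduce a URL to scheme://host[:port] with a lower-cased host.
    Non-ASCII (IDN) hosts are kept in punycode (xn--) form so that a
    Unicode lookalike can never compare equal to the ASCII origin saved."""
    parts = urlsplit(url)
    host = parts.hostname or ""  # urlsplit already lower-cases the host
    try:
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        pass  # leave as-is; it still will not match an ASCII vault key
    default_port = {"https": 443, "http": 80}.get(parts.scheme)
    port = parts.port
    if port is None or port == default_port:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"

def autofill_candidate(page_url: str) -> Optional[str]:
    """Return the account to fill for this page, or None when the page's
    origin is not one the credential was saved on. Only an exact origin
    match fills, which is the behaviour users are told to rely on."""
    return VAULT.get(canonical_origin(page_url))
```

A `None` on a page that looks like the login site is exactly the "auto-fill not working" moment the comment says to treat as a red flag.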