Hi Rivka,
Those are excelent news. The point with the password is that Microsoft uses a SAS token for authenticating the client. This token exceeds the 128 characters. In my case my token is 139 characters long, so I think that this new limit of 255 character for the MQTT password is more than enough.
Regarding the authentication using client certificates is also a real good news. It will add a good value for our projects.
Thanks for the update Rivka!!