In Server Protection, under our Threat Protection Policy - some settings are enabled that require joining the Early Access Program, which we have not. Are these settings that are enabled working even if we do not join the EAP? It is a little confusing.
Thanks for reaching out to the Sophos Community Forum.
The settings you highlighted are shown as enabled because they will eventually be added to the Threat Protection Policy and enabled by default. Currently, these settings will only become active if you join the EAP programs.