Email Security policies being applied incorrectly

I have discovered that if you create an email security policy and apply it to specific users, any users that have access to those mailboxes also get that policy applied, ignoring any explicitly defined ones for that user. I discovered this by having a bypass policy in place for some shared mailboxes that we didn't want anything potentially getting caught in spam. Anyone that had access to those mailboxes started getting the less secure policy applied to them as well. Not sure if this is intended behavior?

  • Hi  

    Would you please share the configuration screenshots if possible? Also, if you can provide more details, I can check with our team to identify if this is intended behavior.