Apply policies to all mailboxes

We use Sophos Central Email Security and have been just using the base policy with some modifications. This weekend, Sophos seems to have set the base policy settings back to default, and I am no longer able to change any settings on the base policy despite being Super Admin. Apparently this can now only be changed by a Sophos Central Partner, but the techs at our MSP are also unable to edit the base policy.

So, in order to modify the email policy I have created a new one and changed the settings accordingly. However there does not seem to be an easy way to apply the policy to all mailboxes. We sync our 365/AAD into Sophos which brings over all the dynamic 365 groups e.g. 'All Users' but when using these on policies they do not apply to any users. It seems like the only way to achieve this is to create a new 'static' group in 365 or Sophos, manually add all mailboxes, then apply the policy to that group. Then remember to add new mailboxes to the group when they are created.

Hoping there is an easier way, especially now we are unable to edit base policy!

Edited TAGs
[edited by: Gladys at 9:42 AM (GMT -8) on 19 Jan 2023]