Sophos Central migrated SMIME EMAIL security policies do not work any longer

Dear admins, Dear Sophos support,

I would llike to close this topic  -  Meanwhile we have been created a Sophos Ticket which has been sent to 3rd level support / Developers, which has been closed already.

It was reported by Sophos support,  that any SMIME policies do not work against EMail accounts marked as "Distribution List" any longer.
Last support msg (09.05.2023) was that SMIME should work against Distrubtion lists as well now, but we never got to test this scenario.

Our final solution was to re -create all email accounts which were marked as "Distribution List" and make new "User" related mailboxes and entries.
Even for our shared mailboxes / team email we were creating user-based  "People" and "EMail inbox".  Since Sophos wants a license per Mailbox, disregarding if it is a real user or a shared mailbox, it did not matter anyway to have these Email inboxes.

this issue we have seen since the changes in the policy adminstration -  separation of Data / Security / Content policies in the admin dashboard.

We were facing this issue, because we imported User / Email lists from Active Directory one-time,  to make our migration to Sophos cloud protection easier.
While doing this , Sophos recognized some addresses as "Distribution Lists" from Acttive Directory and left them on this status.
In the beginning, we were not aware of this and - did not know howto properly delete and re-create user accounts / mailbox in Sophos Central and after the Policy change in February we faced this failures.

we wanted to share our gained knowledge with the community.
Thanks everyone for contributing solutions, feedback and input to these forums.


Summary
From what we learned now,  Mailbox protection is best to have on "User mailbox" (shown by the icon in front of the email list) 
If you need to change this, you need to first delete and recreate the user account + mailbox 
All policies will work , either basic or self-generated.  If one policy is hit by an emali , other policies below in the list will not be executed.

EMail Aliases per mailbox are used by sophos protection fully transparent, but if you want to catch Alias addresses your target system (if there exists) must handle the incoming alias adress as well , sophos does not automatically translate this.

you definitely need 1 license per email address, disregarding if a team address / shared mailbox or single user.
Email address  that is not licensed, will appear in the reports -> license report list on the right side and will not be protected ( please correct me if i am wrong here )
this means it will have no policies applied either, including SMIME policies.
the list of EMail Addresses in this report  is like a  "live" monitoring from Sophos Central and represents the real set of your incoming and outgoing EMail . it is updated every xx hours.  (did not find clear KB information about this )

Dear admins, Dear Sophos support,

I would llike to close this topic  -  Meanwhile we have been created a Sophos Ticket which has been sent to 3rd level support / Developers, which has been closed already.

It was reported by Sophos support,  that any SMIME policies do not work against EMail accounts marked as "Distribution List" any longer.
Last support msg (09.05.2023) was that SMIME should work against Distrubtion lists as well now, but we never got to test this scenario.

Our final solution was to re -create all email accounts which were marked as "Distribution List" and make new "User" related mailboxes and entries.
Even for our shared mailboxes / team email we were creating user-based  "People" and "EMail inbox".  Since Sophos wants a license per Mailbox, disregarding if it is a real user or a shared mailbox, it did not matter anyway to have these Email inboxes.

this issue we have seen since the changes in the policy adminstration -  separation of Data / Security / Content policies in the admin dashboard.

We were facing this issue, because we imported User / Email lists from Active Directory one-time,  to make our migration to Sophos cloud protection easier.
While doing this , Sophos recognized some addresses as "Distribution Lists" from Acttive Directory and left them on this status.
In the beginning, we were not aware of this and - did not know howto properly delete and re-create user accounts / mailbox in Sophos Central and after the Policy change in February we faced this failures.

we wanted to share our gained knowledge with the community.
Thanks everyone for contributing solutions, feedback and input to these forums.


Summary
From what we learned now,  Mailbox protection is best to have on "User mailbox" (shown by the icon in front of the email list) 
If you need to change this, you need to first delete and recreate the user account + mailbox 
All policies will work , either basic or self-generated.  If one policy is hit by an emali , other policies below in the list will not be executed.

EMail Aliases per mailbox are used by sophos protection fully transparent, but if you want to catch Alias addresses your target system (if there exists) must handle the incoming alias adress as well , sophos does not automatically translate this.

you definitely need 1 license per email address, disregarding if a team address / shared mailbox or single user.
Email address  that is not licensed, will appear in the reports -> license report list on the right side and will not be protected ( please correct me if i am wrong here )
this means it will have no policies applied either, including SMIME policies.
the list of EMail Addresses in this report  is like a  "live" monitoring from Sophos Central and represents the real set of your incoming and outgoing EMail . it is updated every xx hours.  (did not find clear KB information about this )