Device Compliance policy for ATP seems incredibly permissive

[ndss8989]

The readme states:

Privileged Compliance ATP policy is used to feed the Threat Intelligence data from Microsoft Defender for Endpoint into the devices compliance state so its signals can be used as part of the Conditional Access evaluation process.

However it looks like the policy has very loose parameters i.e. all of these are false: passwordMinimumLength, defenderEnabled, activeFirewallRequired

Can anyone explain this?