Forum Discussion
Azure PIM - cascade policies down scopes
This is not about AAD PIM but Azure roles PIM.
The API for PIM policy updates uses an object:
https://learn.microsoft.com/en-us/graph/api/resources/unifiedrolemanagementpolicyruletarget?view=graph-rest-1.0
which contains a "target" element which has an "enforcedSettings" element which claims to force policy settings onto "child scopes". There seems to be no equivalent in the portal GUI. For example, if I want to apply a PIM policy to a role at, say, a management group level, I would expect this policy to apply to the role right down to the resource level, but this doesn't seem to be the case. It can't be that I have to apply the policy to every subscription, resource group and resource below the MG as well?
For example, if I set the max duration of activation to 10 hours for a role at the MG level, this is not reflected in any of the subs/RGs/Resources below the MG in the PIM portal. If I try this same thing via the API and use the "enforcedSettings" element on the MG which seems to indicate that it would enforce the settings for "child scopes", nothing happens - the policy is set correctly at the MG level but everything below that retains the default settings for the policy and can be changed in the portal.
This makes PIM for Azure resources all but useless as the policy assigned at the MG level doesn't cascade down to child scopes?
I brought the root MG under PIM management via the GUI and verified that the "MS-PIM" SP had "User Access Administrator" on all child scopes, as expected.
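An added example (not code from the post, from Microsoft, or from the linked API docs): an offline check for the drift described above, comparing the end-user activation maximum duration read at the MG against what each child scope reports. The policy documents are constructed; their shape (properties.scope, properties.rules[], rule id "Expiration_EndUser_Assignment", ISO 8601 maximumDuration) is modelled on the ARM roleManagementPolicies response and the rule types in the linked Graph resource, and is an assumption here.

```python
from typing import List, Optional

# Constructed sample data: policy documents as read from the MG and two
# child scopes. Their shape is modelled on the ARM roleManagementPolicies
# response (an assumption of this example, not a capture from a live
# tenant); the scope ids are placeholders.
def expiration_policy(scope: str, max_duration: Optional[str]) -> dict:
    """Build a minimal policy document; max_duration=None omits the rule."""
    rules = []
    if max_duration is not None:
        rules.append({
            "id": "Expiration_EndUser_Assignment",
            "ruleType": "RoleManagementPolicyExpirationRule",
            "isExpirationRequired": True,
            "maximumDuration": max_duration,
            "target": {"caller": "EndUser", "operations": ["All"],
                       "level": "Assignment",
                       "enforcedSettings": ["ExpirationEndUser"]},
        })
    return {"properties": {"scope": scope, "rules": rules}}

MG_SCOPE = "/providers/Microsoft.Management/managementGroups/mg-root"
SUB_SCOPE = "/subscriptions/00000000-0000-0000-0000-000000000000"
RG_SCOPE = SUB_SCOPE + "/resourceGroups/rg-app"
MG_POLICY = expiration_policy(MG_SCOPE, "PT10H")   # set at the MG, as in the post
SUB_POLICY = expiration_policy(SUB_SCOPE, "PT8H")  # child still on the PIM default
RG_POLICY = expiration_policy(RG_SCOPE, None)      # child lacks the rule entirely

def rule_by_id(policy: dict, rule_id: str) -> Optional[dict]:
    """Return the rule with the given id, or None if the scope lacks it."""
    for rule in policy["properties"]["rules"]:
        if rule.get("id") == rule_id:
            return rule
    return None

def find_drift(parent: dict, children: List[dict],
               rule_id: str = "Expiration_EndUser_Assignment",
               setting: str = "maximumDuration") -> List[dict]:
    """List child scopes whose rule setting differs from the parent scope's."""
    parent_rule = rule_by_id(parent, rule_id)
    expected = parent_rule.get(setting) if parent_rule else None
    drift = []
    for child in children:
        rule = rule_by_id(child, rule_id)
        actual = rule.get(setting) if rule else None  # None = rule missing
        if actual != expected:
            drift.append({"scope": child["properties"]["scope"],
                          "expected": expected, "actual": actual})
    return drift
```

In practice the documents would come from a GET of roleManagementPolicies at each scope; any non-empty result is a scope where the MG setting did not take effect.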