Anti-Phishing > Impersonation Insights inaccuracy
Working with a client who are piloting Standard Preset Policies. We have not added any Users to Protect. We have added "owned domains" to the Domains to Protect list. No other anti-phish policies in the tenant have any users listed in Users to Protect. I repeat, zero policies have any users listed in Users to Protect, none, zero.
In Impersonation Insights (https://security.microsoft.com > Email & Collaboration > Threat Policies > Anti-Phishing > Impersonation Insights), we have 2 listed in the "Users" tab:
And in the details pane for either message, we see this:
I can't find anywhere in documentation that explains why this would happen. It seems as though our user is being treated as a "Protected User", yet we've not added this user to any Anti-Phish policy's "Users to Protect" list. We DO have mailbox and impersonation intelligence enabled on the policies. When I read up on Mailbox Impersonation setting, I see this note:
The question I have is this - when Mailbox Intelligence identifies a message as impersonation, and when the impersonated user is NOT a protected user, is this enough to trick Impersonation Insight into pretending as though the impersonated user is a Protected User?
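
One way to confirm the configuration described in the post above across every anti-phishing policy in a tenant, including the preset ones. This is an added example, not part of the original post; it assumes an Exchange Online PowerShell session is already connected with `Connect-ExchangeOnline` and an account that can read anti-phishing policies.

```powershell
# Added example: summarise impersonation and mailbox intelligence settings
# for every anti-phishing policy, so the "no Users to Protect" state can be
# verified rather than assumed.
# Assumption: Connect-ExchangeOnline has already been run in this session.
$report = foreach ($p in Get-AntiPhishPolicy) {
    [pscustomobject]@{
        Policy               = $p.Name
        Preset               = $p.RecommendedPolicyType   # Standard / Strict for preset policies
        IsDefault            = $p.IsDefault
        UserProtection       = $p.EnableTargetedUserProtection
        # Filter out nulls so an unset property counts as 0, not 1
        UsersToProtect       = @($p.TargetedUsersToProtect | Where-Object { $_ }).Count
        OwnedDomains         = $p.EnableOrganizationDomainsProtection
        CustomDomains        = @($p.TargetedDomainsToProtect | Where-Object { $_ }).Count
        MailboxIntel         = $p.EnableMailboxIntelligence
        MailboxIntelProtect  = $p.EnableMailboxIntelligenceProtection
        MailboxIntelAction   = $p.MailboxIntelligenceProtectionAction
    }
}

# Full picture, one row per policy
$report | Sort-Object Policy | Format-Table -AutoSize

# Any policy that does list users to protect
$report | Where-Object { $_.UsersToProtect -gt 0 } |
    Select-Object Policy, UsersToProtect

# Policies where mailbox intelligence impersonation protection is active
# even though no users are listed
$report | Where-Object { $_.MailboxIntelProtect -and $_.UsersToProtect -eq 0 } |
    Select-Object Policy, Preset, MailboxIntelAction
```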