We are looking to understand how the "User access to content expires" encryption setting is supposed to function. In our tests, it is not producing the expected results. Here is what we are seeing:

1. Label is created and published with the following encryption settings: "User access to content expires" set to one (1) day, and permissions are assigned to a specific user at the co-author level.
2. The label is applied to a document in another user's OneDrive; and the document is then shared with the user who was granted co-author permissions in the encryption settings of the label, using the Share function, at an edit level.
3. After 1 (and now 2) days, the user with whom the document was shared continues to have access to the document and is able to edit it. This is not what we expected - we anticipated the encryption locking out this user, as well as any other user other than the document owner, after 1 day.

Can someone share how this setting is intended to function?

Thanks!