This article explains that attack protection settings apply to the entire tenant and cannot be customized for individual applications.

• Attack Protection
• Bot Detection
• Suspicious IP Throttling
• Breached Password Detection

Attack protection settings (Bot Detection, Suspicious IP Throttling, Brute Force Protection, Breached Password Detection) are configured at the tenant level. These protections apply the same thresholds across all applications within a single tenant. It is not possible to customize protection levels for a specific application or connection.