After reviewing Huntress SAT: Allow listing guidance for M365, it appears that two of the required policies are in conflict.

Both Allowlist Phish Emails in Microsoft 365 EAC and Exchange EOP & the Allowlist Phish Emails in Microsoft Active Threat Protection (Safelinks) require the creation of a mail flow (transport) rule. The Allowlist Phish Emails in Microsoft 365 EAC guide however indicates you should "stop processing rules". The issue here is that means the Allowlist Phish Emails in Microsoft Active Threat Protection rule which modifies the message header never actually applies.

This can be seen in implementation in the attached image where only one of the rules actually applies.

Are both these rules actually required? If so, since both are set to "Apply this rule if…" the IP address matches Huntress IPs, couldn't they just be a single rule?