Hi Pavel,
First I'd suggest you have your policy email you when triggered.
You should be able to trigger this alert simply by renaming a file with the .xyz extension.
Secondly, you won't get a user block unless you configure 'send alerts to power automate', and you have a power automate rule to block the user - that's more advanced to troubleshoot so I'd work on step #1 first.
Finally, you should go into settings > cloud apps > app connectors and at least connect to M365 and Azure for your tests.
And watch this video:
https://www.youtube.com/watch?v=ABo0xipheJo&ab_channel=JacksonFelden-CloudandSecurity