Please consider this example: If you apply the policy to the MS graph, all the tokens for it would by ruled by the Policy. So, any app that requests a token for the MS Graph resource will be affected.
So the token lifetime policy is not based on the AAD App registration that is being used to request the resource. But it applies to the resource you're trying to access. So the resource needs to have the lifetime token policy not the aad app registration that has the permissions.
The only way to apply the policy to the app instead is if you request a token with permissions to the AAD Application Registration.
Additionally, please avoid using Token life time policies. this will be deprecated some time in the future, please use conditional access policies