Hello anonymous user , If I understand correctly, your goal is to evaluate NSG resources and not /NetworkIntentPolicies or /vitualNetwork resources.
If yes, then my first suggestion is to verify the location where your Policy definition file is currently saved to.
The location determines the scope at which the Policy initiative or rules can be assigned.
Resources must be under the Policy definition's resource hierarchy for them to be targeted for assignment.
Are all your resources deployed under the same subscription or management group? If so, then that could be the reason why your deny rule applies to the other resources. To resolve, explore the option to create an exclusion-based assignment scope for the set of resources you wish to exclude from policy evaluation using the array property
properties.notScopes. More information here.
Hope this helps but don't hesitate to ping if you have any follow-up questions.