I found this article:
https://support.microsoft.com/en-us/topic/ms16-072-security-update-for-group-policy-june-14-2016-7570425d-d460-3003-b2ac-a464c874725d
Reading it I noticed that LB Processing in some cases requires to specify also computer name in "securety filtering" area.
So I tried to add it (beyond users or security groups) and now the policy is applied correctly.
In Windows server 2016 and Windows server 2019 I never specified computer name into the policy because it is included inside OU where policy is linked ... so for me this is a strange behaviour that sounds like a type of bug.
Anyway ... I hope this can be useful for the community
Massimo