@Alyse Hart, Thanks for posting in Q&A. From your description, I know you have a few questions about "Turn on PUA protection in block mode" action.
For your problem, I have done some research, here is some information you can refer.
1.If you turn on PUA protection in block mode, it does not make Defender scan and retroactively remove any possible PUAs on a user device. However, when configured in blocking mode, PUA files are moved to the quarantine.
2.If this feature is turned on in block mode, it will help protect against the download of PUAs, including side loaded applications, executables and so on.
3.This feature protects all devices that have Microsoft Defender Antivirus installed, including Intune Managed devices.
Hope above information can help. If there is any update, feel free to let me know.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.