Restrict pod to pod communication using Istio authorization

Trying to restrict pod to pod communication using Istio authorization, followed steps as specified in Istio Documentation. Even after applying the authorization policy not able to restrict the traffic to a specific pod, service/pod is accessible from all pods in the namespace.

Below is the authorization policy


kind: AuthorizationPolicy
  name: whitelist-service
  namespace: default
    matchLabels: service-A
  action: ALLOW
  - from:
    - source:
        principals: ["cluster.local/ns/default/sa/service-B-svc-account"]  
  - to:
    - operation:
       ports: ["9090"]

Also enabled the mTLS in the namespace but still not able to restrict traffic between 2 pods.

I am still relatively new to Istio so any help pointing me into the right direction would be most appreciated!