currently, a service policy can skip App firewall processing, skip bot processing, and skip Malicious User Mitigation.

It cannot skip API Protection, DDos Protection, IP Reputation, Open API Specification Validation. This would have to be added manually to "Trusted Client Rules" to each Load Balancer, as detailed here https://f5cloud.zendesk.com/hc/en-us/articles/6628615189911-How-do-I-skip-Bot-Defense-and-or-WAF-for-a-trusted-client-

If would be very convenient to skip these protections via Service Policy, as we can just add the SP to a Namespace and it would apply to all LBs in the namespace