diff --git a/ee/app/services/security/security_orchestration_policies/policy_branches_service.rb b/ee/app/services/security/security_orchestration_policies/policy_branches_service.rb
index 389b96ab428f04ea9f11777cf57801723cc1c722..1f42683ca3aa00d81cf72f29a2de3963d7874b58 100644
--- a/ee/app/services/security/security_orchestration_policies/policy_branches_service.rb
+++ b/ee/app/services/security/security_orchestration_policies/policy_branches_service.rb
@@ -83,9 +83,12 @@ def matched_protected_branches
         all_branches_matched_by(all_protected_branch_names)
       end
 
+      # all_branch_names does not include group level protected_branches.
+      # So we need to include all_protected_branch_names to check if the pattern
+      # matches the group level protected_branches.
       def all_branches_matched_by(patterns)
         patterns.flat_map do |pattern|
-          RefMatcher.new(pattern).matching(all_branch_names)
+          RefMatcher.new(pattern).matching(all_branch_names + all_protected_branch_names)
         end
       end
 
diff --git a/ee/spec/services/security/security_orchestration_policies/policy_branches_service_spec.rb b/ee/spec/services/security/security_orchestration_policies/policy_branches_service_spec.rb
index cb6d08f3e82425e79d921d0b801ad22e17cf18c6..abecefcae43f00ae7dd71cfadec0474ea5f0ee69 100644
--- a/ee/spec/services/security/security_orchestration_policies/policy_branches_service_spec.rb
+++ b/ee/spec/services/security/security_orchestration_policies/policy_branches_service_spec.rb
@@ -130,16 +130,26 @@
           project.save!
 
           group.protected_branches.create!(name: branch_name)
-
-          project.repository.add_branch(project.creator, branch_name, project.repository.head_commit.sha)
         end
 
         after do
           project.repository.delete_branch(branch_name)
         end
 
-        specify do
-          expect(execute).to include(branch_name)
+        context 'when branch is not present in project' do
+          specify do
+            expect(execute).to include(branch_name)
+          end
+        end
+
+        context 'when branch is present in project' do
+          before do
+            project.repository.add_branch(project.creator, branch_name, project.repository.head_commit.sha)
+          end
+
+          specify do
+            expect(execute).to include(branch_name)
+          end
         end
 
         context "with feature disabled" do