BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM not working for write

I am using the custom_bluetooth_service tutorial from https://github.com/bjornspockeli/custom_ble_service_example. However, I now want to try increasing security settings (encryption and adding passkey restrictions to characteristics). Someone from this post https://devzone.nordicsemi.com/f/nordic-q-a/28746/nrf51822-password-on-characteristic said to set "the authorization flag (rd_auth and wr_auth)". But when I try doing custom_value_char_attr_md.rd_auth or BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.wr_auth) I get the error that the members rd_auth and wr_auth do not exist. (I am using SDK v15 with NRF52840 DK PCA10056 and S140).

So to increase security I tried using BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(). When I do BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.read_perm), the custom characteristic no longer appears under the service after I scan and connect my NRF52840 DK . I undo any code change and now do BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.write_perm), and this has no effect on the custom characteristic or reading/writing.

static uint32_t custom_value_char_add(ble_cus_t * p_cus, const ble_cus_init_t * p_cus_init)
{
    uint32_t            err_code;
    ble_gatts_char_md_t char_md;
    ble_gatts_attr_md_t cccd_md;
    ble_gatts_attr_t    attr_char_value;
    ble_uuid_t          ble_uuid;
    ble_gatts_attr_md_t attr_md;

    // Add Custom Value characteristic
    memset(&cccd_md, 0, sizeof(cccd_md));

    //  Read  operation on cccd should be possible without authentication.
    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.read_perm);
    BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cccd_md.write_perm);

I undo any code change and now do BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cus_init.custom_value_char_attr_md.read_perm). After I scan and connect to the DK, when I try to read values from the characteristics of the custom service, the nrf_connect application successfully bonds with the DK, but afterwards I still cannot read the characteristic values of the service. 

I undo any code change and delete the bonding in the nrf_connect app. Now I do BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cus_init.custom_value_char_attr_md.write_perm). After I scan and connect to the DK, I can read values from the characteristics of the custom service. When I try writing values to the characteristics, the nrf_connect application successfully  bond with the DK, but I cannot write values to the characteristics anymore.

static void services_init(void)
{
        ret_code_t          err_code;
        nrf_ble_qwr_init_t  qwr_init = {0};
        ble_cus_init_t      cus_init = {0};

        // Initialize Queued Write Module.
        qwr_init.error_handler = nrf_qwr_error_handler;

        err_code = nrf_ble_qwr_init(&m_qwr, &qwr_init);
        APP_ERROR_CHECK(err_code);

         // Initialize CUS Service init structure to zero.
        cus_init.evt_handler                = on_cus_evt;
    
        BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cus_init.custom_value_char_attr_md.cccd_write_perm);
        BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cus_init.custom_value_char_attr_md.read_perm);
        BLE_GAP_CONN_SEC_MODE_SET_OPEN(&cus_init.custom_value_char_attr_md.write_perm);

My questions are: Is this behavior expected? I am confused as to why BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM(&cccd_md.write_perm) does not restrict writing to the custom characteristic.

I didn't do any passkey testing yet, but if I later add a passkey can the user enter the passkey to gain access to service/characteristic read & write if I am using BLE_GAP_CONN_SEC_MODE_SET_ENC_WITH_MITM?