Forum Discussion
Issue with Identity Governance Access Package Failing in Restricted Admin Unit
Good evening and happy New Year! We are experiencing difficulties integrating a restricted management administrative unit (AU) with an existing Microsoft Entra Identity Governance Access Package. Specifically, Access Package administrative assignments fail when a security group is added to the restricted management AU.
Context and Configuration:
- Purpose of the Setup:
  We are configuring an Entra ID Administrative Unit (AU) as a Restricted Management Administrative Unit. The purpose of this AU is to:
  - Provide a specific Cloud Operator ("Cloud Operator (May, Shawn)") with Groups Administrator access to manage a specific security group: "Cloud Operators for Role - Group Administrator."
  - Restrict changes to the group membership of "Cloud Operators for Role - Group Administrator" to only the Access Package.
  I have an Identity Governance Access Package that allows help desk personnel to administratively assign people to this group via the Entra ID Access Package web interface. This Access Package works perfectly (admin-assignment of the group) when not integrated with the restricted management AU.
- Administrative Unit Configuration:
  - Name: Cloud Operators for Role - Groups Administrator
  - Type: Restricted Management Administrative Unit
  - Scope: Cloud Operators for Role - Groups Administrator
  - Role: Groups Administrator
- Administrative Unit Role Assignments:
  - Eligible Assignments:
    - Role: Groups Administrator
    - Principal: Cloud Operator (May, Shawn)
    - Scope: Cloud Operators for Role - Group Administrator
  - Active Assignments:
    - Role: Groups Administrator
    - Principal: Service Principal ("Azure AD Identity Governance - User Management")
    - Scope: Cloud Operators for Role - Group Administrator
- Directory Role Assignments:
  - Active Assignments:
    - Role: Global Reader
    - Principal: Service Principal ("Azure AD Identity Governance - User Management")
    - Scope: Directory
Problem Description:
When the security group "Cloud Operators for Role - Groups Administrator" is added to the restricted management AU, Access Package administrative assignments fail.
Upon removing the group from the restricted management AU, the service principal is again able to successfully assign users to the Access Package.
Access Package Error Message:
{
"error": {
"code": "GroupOperationNotAllowed",
"message": "Insufficient privileges to complete the operation. Target object is a member of a restricted management administrative unit and can only be modified by administrators scoped to that administrative unit. Check that you are assigned a role that has permission to perform the operation for this restricted management administrative unit. Learn more: https://go.microsoft.com/fwlink/?linkid=2197831",
"details": []
}
}
This issue seems to stem from the documented limitation that groups within a restricted management AU cannot be managed using Microsoft Entra Identity Governance features. This is detailed in the Microsoft documentation: Admin units with restricted management
Desired Outcome:
I need guidance on how to:
- Allow the Access Package service principal to manage the group "Cloud Operators for Role - Group Administrator" while retaining the restricted management AU.
- Confirm if there are any workarounds or configurations to bypass this limitation.
The issue affects a critical administrative process. Any assistance in resolving this limitation or providing alternative approaches would be greatly appreciated.
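The conflict described in this post (a group inside a restricted management AU that an Identity Governance access package is expected to manage) can be detected ahead of time rather than discovered through a failed assignment. The script below is an added example written for this page, not code from the original post or from Microsoft; it inventories every restricted management AU, collects the groups they contain, and flags any of those groups that are also onboarded as a resource in an entitlement management catalog. It assumes the Microsoft Graph PowerShell SDK (v1.0 cmdlets), the delegated scopes AdministrativeUnit.Read.All and EntitlementManagement.Read.All, and a signed-in account that can read those objects; the function names Get-RestrictedAuGroups, Get-EntitlementManagedGroups and Find-RestrictedAuGroupConflict are local to this example.

```powershell
# Added example (not from the original post): find groups that sit in a
# restricted management administrative unit AND are onboarded as an
# entitlement management (access package) resource. Such a group is exactly
# the condition that produces GroupOperationNotAllowed when the access
# package service principal tries to change its membership.
#
# Assumptions: Microsoft.Graph PowerShell SDK (v1.0 cmdlets) and the scopes
# AdministrativeUnit.Read.All and EntitlementManagement.Read.All. Read-only.

Import-Module Microsoft.Graph.Identity.DirectoryManagement
Import-Module Microsoft.Graph.Identity.Governance

function Get-RestrictedAuGroups {
    # One object per (restricted AU, member group) pair.
    $restrictedAus = Get-MgDirectoryAdministrativeUnit -All `
        -Property Id,DisplayName,IsMemberManagementRestricted |
        Where-Object { $_.IsMemberManagementRestricted -eq $true }

    foreach ($au in $restrictedAus) {
        Get-MgDirectoryAdministrativeUnitMember -AdministrativeUnitId $au.Id -All |
            Where-Object { $_.AdditionalProperties.'@odata.type' -eq '#microsoft.graph.group' } |
            ForEach-Object {
                [pscustomobject]@{
                    AuId      = $au.Id
                    AuName    = $au.DisplayName
                    GroupId   = $_.Id
                    GroupName = $_.AdditionalProperties.displayName
                }
            }
    }
}

function Get-EntitlementManagedGroups {
    # Every Entra group onboarded as a catalog resource; originId is the
    # group's object id for resources whose originSystem is AadGroup.
    foreach ($catalog in Get-MgEntitlementManagementCatalog -All) {
        Get-MgEntitlementManagementCatalogResource -AccessPackageCatalogId $catalog.Id -All |
            Where-Object { $_.OriginSystem -eq 'AadGroup' } |
            ForEach-Object {
                [pscustomobject]@{
                    CatalogName = $catalog.DisplayName
                    GroupId     = $_.OriginId
                    GroupName   = $_.DisplayName
                }
            }
    }
}

function Find-RestrictedAuGroupConflict {
    # Join the two inventories on group object id. Each returned row is a
    # group that entitlement management is expected to manage but cannot,
    # because only roles scoped to the restricted AU may modify it.
    $managed = @{}
    foreach ($g in Get-EntitlementManagedGroups) { $managed[$g.GroupId] = $g.CatalogName }

    Get-RestrictedAuGroups |
        Where-Object { $managed.ContainsKey($_.GroupId) } |
        Select-Object AuName, GroupName, GroupId,
            @{ Name = 'Catalog'; Expression = { $managed[$_.GroupId] } }
}

Connect-MgGraph -Scopes 'AdministrativeUnit.Read.All','EntitlementManagement.Read.All' -NoWelcome
$conflicts = Find-RestrictedAuGroupConflict
if ($conflicts) {
    Write-Warning "Groups in restricted management AUs that are also access package resources:"
    $conflicts | Format-Table -AutoSize
} else {
    Write-Host "No restricted-AU group is onboarded in an entitlement management catalog."
}
```

Run it before switching an AU to restricted management, or as a periodic check; every row it prints is a group whose access package assignments will fail with the error quoted above until either the group leaves the restricted AU or the group is removed from the catalog. The script only reads directory and entitlement management objects and changes nothing.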
1 Reply
- TrevorRusher
Community Manager
Hi Shawn! This is the Tech Community Lounge, where users can discuss the platform, not individual product questions. I'm going to move this conversation to the Entra board where you are much more likely to get your answer. In the future, if you have product questions, try to find the associated product discussion board. Thanks!