Role based access Defender for Endpoint
We use Defender for Endpoint role-based access for specific groups.
A typical group is the security engineers, who have access to Security operations and therefore to the Device timeline and vulnerability management as well.
Another group is the engineers taking care of vulnerability management. This group has permissions to TVM (permission 'view data' -> 'Threat and Vulnerability management'), but they don't have the 'security operator' permissions, so they can't read the timeline or the security alerts.
This role assignment always worked: until a week ago, the engineers could open a device and view the device vulnerabilities and security recommendations (the timeline and alerts were greyed out).
Since last week, the users with a TVM role get a "cannot find" (404) error when they open a device.
The only way to solve this is to assign the 'security operator' role, something I don't want to do since I want to restrict the information they can see.
I submitted a case to Microsoft support, and the feedback I get is that this is expected and that TVM users do not have access to the device view. I don't agree with this: TVM is useless without the device view, it always worked, and the permission description states 'Device page TVM tabs'. So in my opinion, something is broken.
Looking for confirmation or opinions. To me, it looks like a bug introduced with recent changes.
See the screenshot for the role our vulnerability team had assigned.