To work on Microsoft 365 Defender we have set up MSSP access as defined in https://cloudpartners.transform.microsoft.com/download?assetname=assets%2FAzure-Sentinel-Technical-P.... Now we noticed that with the guest users, which have activated the Security Administrator  role via the access packages and PIM, we can't access the Threat Policies within the Microsoft 365 Defender tenant. We tested it on our lab tenant, and there the behavior is the same, but for member users the issues does not arise. Is this expected behavior? If so, is there another way that we can manage our client's threat policies without creating member users in their tenant?

Is the limited support for guest users documented anywhere by Microsoft? It is stated in the docs that sec admin has these permissions, but there is no mention anywhere that this would be limited for guest users.

If anyone has more info on this issue, or even a better way of working, sharing it would be greatly appreciated.