I have the same issue.

Group contains such field: securityEnabled.

So if securityEnabled=true - requests with allowExternalSenders,autoSubscribeNewMembers,hideFromAddressLists,hideFromOutlookClients will fail with 401.

This is not a very logical decision on Microsoft's part, since the entire request fails. It would be better to simply return null.