Thanks a lot for all the answers. I was in contact with MS support and they pointed out that:
According to the above details, either the team who is managing the ISRG Root X1 CA provides a certificate which only includes Server Authentication, without including Client Authentication, or the same team didn’t fulfill a program requirement, for example the EKU Requirements.
It seems that including the client auth requirement in the request is solely in Let's Encrypt's hands. I saw that @josh was responsible for filing this at Mozilla, so maybe he was involved in filing the CA inclusion request at Microsoft also. Who can I talk to if we would like to allow ISRG Root X1 to be enabled for client authentication at Microsoft? We need this to be able to use Let's Encrypt certificates for mutual TLS.