Is it possible to exclude guest users invited into the tenant from the MFA registration policy? According to this documentation:
"Microsoft accounts that have been granted guest access to your Azure AD tenant, such as those from Hotmail.com, Outlook.com, or other personal email addresses, are not able to use Azure AD SSPR. They need to reset their password by using the information found in the When you can't sign in to your Microsoft account article."
This means that guest users should not be prompted to register for MFA/SSPR since they can't benefit from this functionality in the resource tenant. Is this something that has not been taken into consideration?