According to your information above, external users are unable to read the message through the Outlook client. Could you please check if they could access the email using OWA? If yes, this seems to be an expected behavior and I saw some similar issues as well:
CAA20004 AADSTS90072: USER ACCOUNT FROM IDENTITY PROVIDER DOES NOT EXIST IN TENANT
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
And: Encrypted e-mail error AADSTS90072
Using AIP with Exchange Online provides the additional benefit of sending protected emails to any internal or external users. These emails should be encrypted at rest and in transit, and be read only by the original recipients.
And when sending encrypted emails to external users with AIP, it requires Office 365 Message Encryption capabilities. If the recipients cannot open the protected email in their native email client, let's say Outlook desktop client, they can use a one-time passcode to read the sensitive information in a browser. Therefore, users will still be able to view encrypted messages in OWA.
We may check the steps mentioned in this thread as well, to exclude AIP from your existing Require-MFA Conditional Access policy: