Hi @HK G • Thank you for reaching out.
Yes, you are right. Users who are unable to use their registered MFA method won't be able to add another MFA method without re-registering for MFA. You can require them to re-register MFA from the AAD portal or by using the PowerShell cmdlet below (for bulk operation):
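```powershell
# Sign in to the tenant with the MSOnline module
Connect-MsolService
# Clear the user's registered MFA methods so they must re-register at next sign-in
Set-MsolUser -UserPrincipalName username@your-tenant.onmicrosoft.com -StrongAuthenticationMethods @()
```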
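The bulk case mentioned in the answer, as an added example that is not part of the original post: it runs the same `Set-MsolUser` call over a list of users, supports a `-WhatIf` dry run, and records which methods each account had before the reset. The file names `users.csv` and `mfa-reset-log.csv` and the `UserPrincipalName` column header are assumptions.

```powershell
# Added example (not from the original answer): bulk "require re-register MFA"
# with a dry-run switch and an audit trail of what was cleared.
# Assumptions: MSOnline module is installed; the CSV has a UserPrincipalName column.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$CsvPath = '.\users.csv',          # hypothetical input file
    [string]$LogPath = '.\mfa-reset-log.csv'   # hypothetical audit log
)

Connect-MsolService

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $upn = "$($row.UserPrincipalName)".Trim()
    $before = ''
    try {
        # Read the current state first so the log shows which methods were removed.
        $user = Get-MsolUser -UserPrincipalName $upn -ErrorAction Stop
        $before = @($user.StrongAuthenticationMethods |
            ForEach-Object { $_.MethodType }) -join ';'

        if ($PSCmdlet.ShouldProcess($upn, 'Clear StrongAuthenticationMethods')) {
            Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationMethods @() -ErrorAction Stop
            $status = 'Reset'
        } else {
            $status = 'Skipped (WhatIf)'
        }
    } catch {
        # Unknown UPN, missing permission, throttling: record it and keep going.
        $status = "Failed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        UserPrincipalName = $upn
        MethodsBefore     = $before
        Status            = $status
        Timestamp         = (Get-Date).ToString('o')
    }
}

# Always write the log, even during a -WhatIf run.
$results | Export-Csv -Path $LogPath -NoTypeInformation -WhatIf:$false
$results | Format-Table -AutoSize
```

Saved as a `.ps1` file, it can be run once with `-WhatIf` to review the affected accounts and their current methods before running it for real.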