- a guest account is authenticating in their home tenant meaning that a change in our tenant won't affect the users as long as the user has used any MFA method when authenticating
External users are invited to sign in to your Azure AD organization using their own credentials. So you are correct.
- if the guest account has not used MFA it has to be setup after the authentication when landing at our tenant.
You can use conditional access to ensure that all guest users must use MFA to authenticate on your tenant.