Hi,
Basically, Azure does not know if the account is external/guest. This information is checked against Azure AD. As Azure Policy works only within the boundaries of Azure and cannot work on Azure AD, this is not possible.

The policy 'External accounts with read permissions should be removed from your subscription' works in such a way that Defender for Cloud (Azure Security Center) checks, on a schedule, whether there are external accounts that have role assignments on Azure, looking up through Azure AD whether each account is external. The results are then published to an API on Azure. Azure Policy then checks the results from that API.

The mentioned sample does checks against the role assignments API (Microsoft.Authorization/roleAssignments), but that API does not know if the account is external or not. So the short answer is that it is not possible to do this via Azure Policy.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
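The join the answer describes, as an added example that is not part of the original answer: a role assignment record carries only a principal ID, so guest status has to be looked up in directory data. All records below are constructed; the field names are assumed to follow the roleAssignments ARM API and Microsoft Graph user objects, and `find_guest_assignments` is a hypothetical helper.

```python
# Constructed sample data. Field names follow the ARM roleAssignments API
# (Microsoft.Authorization/roleAssignments) and Microsoft Graph user objects.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder
ROLE_DEFS = SUB + "/providers/Microsoft.Authorization/roleDefinitions/"
READER = "acdd72a7-3385-48ef-bd42-f606fba81ae7"  # built-in Reader role


def assignment(principal_id, principal_type="User", role=READER):
    """Build a record shaped like one roleAssignments list item."""
    return {"properties": {"principalId": principal_id,
                           "principalType": principal_type,
                           "roleDefinitionId": ROLE_DEFS + role,
                           "scope": SUB}}


ROLE_ASSIGNMENTS = [
    assignment("11111111-1111-1111-1111-111111111111"),
    assignment("22222222-2222-2222-2222-222222222222"),
    assignment("33333333-3333-3333-3333-333333333333", "Group"),
    assignment("44444444-4444-4444-4444-444444444444"),  # not in directory
]

DIRECTORY_USERS = [
    {"id": "11111111-1111-1111-1111-111111111111", "userType": "Member",
     "userPrincipalName": "alice@contoso.onmicrosoft.com"},
    {"id": "22222222-2222-2222-2222-222222222222", "userType": "Guest",
     "userPrincipalName": "bob_partner.example#EXT#@contoso.onmicrosoft.com"},
]


def find_guest_assignments(assignments, users):
    """Return (guest_findings, unresolved_principal_ids)."""
    by_id = {u["id"]: u for u in users}
    guests, unresolved = [], []
    for item in assignments:
        props = item["properties"]
        if props["principalType"] != "User":
            continue  # groups/service principals need their own expansion
        user = by_id.get(props["principalId"])
        if user is None:
            unresolved.append(props["principalId"])  # deleted or unreadable
        elif user.get("userType") == "Guest":
            guests.append({"upn": user["userPrincipalName"],
                           "role": props["roleDefinitionId"].rsplit("/", 1)[-1],
                           "scope": props["scope"]})
    return guests, unresolved


if __name__ == "__main__":
    print(find_guest_assignments(ROLE_ASSIGNMENTS, DIRECTORY_USERS))
```

Group assignments are skipped here, so guests who hold a role only through group membership are not reported.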