Multiple Microsoft accounts on phone - security issue

DavidYorkshire 91 Reputation points
2024-07-08T13:28:04.26+00:00

Scenario: User has a personal Android phone, with a personal Outlook account on it. They also add their work account (M365), and Authenticator / Company Portal as the work account requires this. They have the phone link app installed for connecting to their personal laptop, signed in with their personal Outlook account. Everything appears to work correctly.

However, if the user resets the password on their personal account, this appears to have no effect on Outlook on the phone and it continues to work with the cached details. If the user goes into their Microsoft account, the device does not appear there (their home Windows computer is there, but no Android devices). They have the Phone app on their laptop, linked to their phone with their personal account, and syncing - and Microsoft's instructions claim that this is one of the ways to link an Android phone to a personal Outlook account. However, despite the app having been installed and working for a long time, the device still doesn't appear in the account.

Anyone know what is happening here? Obviously there are security risks - the user cannot unlink the phone from their personal account if the phone gets lost, as the phone doesn't even appear in their personal Microsoft account despite the fact that Outlook and the phone link app are installed and working on the phone.

The Microsoft accounts do have a 'sign out everywhere' option, but this can apparently take up to 24 hours, which is not good enough given that the password reset doesn't appear to stop Outlook syncing email on the phone.

Is this a conflict between personal and work accounts, with the work account effectively claiming 'ownership' of the phone so that it doesn't appear at all in the devices list in the personal account?

Thanks

Microsoft Intune Android
Microsoft Entra ID