When a SharePoint site is shared with an external user who already has an active 'guest account', they click on the link and are then required to set up 2FA ('Your organization needs more information') before accessing the site, but get stuck in a loop.
They get redirected to set up the 2FA, which is successful. However, when clicking 'done' to continue signing in, it takes them back to the 'Your organization needs more information' prompt and back into setting up 2FA. Clicking next takes them to a screen where it says that MFA is already set up and to click 'Done to continue signing in'. However, clicking 'done' (there is no other option) takes them right back to the 'Your organization needs more information' screen.
Azure shows that their 2FA device registered successfully. I have tried revoking 2FA sessions and requiring 2FA re-registration, but that doesn't fix it.
We are using Azure security defaults, so there are no conditional access policies configured. Sign-in logs show sign-in status as 'interrupted', authentication as 'succeeded' and Result detail = 'redirected to external provider for MFA' (provider was set up using MS Authenticator, but fails in the same way using alternative 2FA methods).
Users can skip the MFA requirement by selecting 'ask later', but for some users, they only have a few days left before setting up MFA is required. This is happening for multiple external accounts, both real accounts and test accounts that I have created.
Why is this happening?