1
votes

I know how to reset my Authenticator app MFA settings in my host tenant. I would use this link https://account.activedirectory.windowsazure.com/proofup.aspx?proofup=1 per the instructions found here https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-manage-settings, and I would click on the "Set up Authenticator app" button.


But how do I reset my MFA in a tenant where I am a Guest?

5
Hi, if you still have any doubts, I will answer you as soon as possible. - Carl Zhao

5 Answers

2
votes

If you have only one MFA method set, and this method is lost to you, then as far as I know, you cannot join the guest organizations that you need to reset the MFA for. This means you cannot reset your authenticator app by going to your profile as is suggested in the other answer.

If you have set multiple methods for MFA (like authenticator AND phone number) then you may be able to log in using the 'Sign in another way' option. With this extra MFA option you can reset the MFA options that are lost to you, through 'https://myaccount.microsoft.com/'.

When you are completely locked out of the tenants you are guest in, because you lost access to all your configured MFA options, what needs to be done is this:

  1. Contact a global administrator of the organization you are guest in

  2. Let her/him/them go to your user account (Azure Active Directory > Users)

  3. Then she/he/they need to select 'Profile > Authentication Methods'

  4. And click 'Require re-register MFA'

  5. After that you are asked to set up MFA again for that organization when logging in.

Step 2: (screenshot)

Step 4: (screenshot)

0
votes

For your question, you can use the following two methods:

  1. You can change 'common' to the host tenant ID in the address bar of the login request when using https://myapps.microsoft.com, and then log in with your guest tenant.

  2. If you are already logged in, you can directly switch to the guest tenant that needs MFA configured. You can check this link for details.

0
votes

For the issue we were trying to resolve, we had to have the user Leave the Organization and re-add them. However, I think this is the last resort, and not the accepted answer.

0
votes

Provided you still have access to the original MFA device, or were originally configured to also allow SMS MFA login, these instructions worked for me. This is based on what @Carl linked to above (http://www.uclabs.blog/2018/03/mfa-with-guest-access-and-different.html), but expanded out a bit as I struggled to follow it as written.

BTW I recommend doing all this in a private/incognito window, to be sure you know what you are logged in as.

Log in to https://myapplications.microsoft.com/ using your 'normal' tenancy credentials.

Select the profile badge for you (circle, top right), and select 'Switch organisation' to log into the guest tenancy you want to reconfigure. At this point if you don't have access to the current MFA authenticator device you will need to use 'login another way' to use SMS MFA for this login.

Now, in the guest tenancy, select your badge again, and select 'My Profile'. If you don't see 'My Profile', use the ellipsis (...) and select to leave the 'new experience'. When the page reloads, now you should find the 'My Profile' link under your badge.

On the profile page, right hand side, you should see 'Additional Security Verification'. This should get you to this page in the guest tenancy: https://account.activedirectory.windowsazure.com/Proofup.aspx

From there you should see options to (re)set up your Authenticator app (scan the QR code, etc.). Don't forget to delete the registration for your old phone too.

0
votes

It would seem that some things have changed and either the URLs given in the answers (not just to this question, but to many others and in articles I found) don't work, or redirect to different addresses. Depending on what you are allowed to do in the AAD tenant whose MFA you are trying to tweak, you may actually not have access to those intermediate addresses and get blocked, but it may turn out that the actual MFA setup page is available to you and you only need to know its address.

The address I found to be currently leading to where you should be is:
https://mysignins.microsoft.com/security-info?tenant=00000000-0000-0000-0000-000000000000
where instead of 00000000-0000-0000-0000-000000000000 you should put the ID of the directory you want to set up MFA for.

If you have lost access to your already set up MFA methods, then the AAD admin will have to step in, e.g. as in the accepted answer from Datautomate.
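The two URL tricks on this page (swapping `common` for the tenant ID in the login request, and the tenant-scoped `mysignins.microsoft.com/security-info?tenant=...` address in the answer above) both need the directory ID of the guest tenant, which most people only know by its domain name. The following Python script is an added example, not code from any of the answers: it validates a tenant ID, builds both URLs, and looks the ID up from a domain via the Microsoft identity platform's well-known OpenID configuration document, whose `issuer` field carries the tenant GUID. The sample document and the tenant ID `11111111-2222-3333-4444-555555555555` are constructed for the example.

```python
"""Build tenant-scoped Azure AD / Entra ID URLs for fixing MFA in a guest tenant.

Added example for this Q&A, not code from the answers. The OpenID configuration
endpoint used for the domain -> tenant ID lookup is the documented
https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration.
"""
import json
import re
import urllib.request
from urllib.parse import urlsplit, urlunsplit

# A directory (tenant) ID is a GUID; reject anything else before building URLs.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")
OPENID_CONFIG = "https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration"

# Constructed sample of the relevant part of an openid-configuration document.
SAMPLE_OPENID_DOC = {
    "issuer": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0",
    "authorization_endpoint": "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/oauth2/v2.0/authorize",
}


def is_tenant_id(value: str) -> bool:
    """True if value has the shape of a directory ID (GUID)."""
    return bool(GUID_RE.match(value))


def tenant_id_from_openid_config(doc: dict) -> str:
    """Extract the tenant GUID from the 'issuer' URL of an openid-configuration document."""
    issuer = doc["issuer"]
    for segment in urlsplit(issuer).path.strip("/").split("/"):
        if is_tenant_id(segment):
            return segment.lower()
    raise ValueError(f"no tenant GUID found in issuer: {issuer}")


def fetch_tenant_id(domain: str, opener=urllib.request.urlopen) -> str:
    """Resolve a verified domain (e.g. contoso.onmicrosoft.com) to its tenant ID.

    Network call; 'opener' is injectable so the lookup can be tested offline.
    """
    with opener(OPENID_CONFIG.format(tenant=domain)) as resp:
        return tenant_id_from_openid_config(json.load(resp))


def security_info_url(tenant_id: str) -> str:
    """The tenant-scoped security-info page from the last answer."""
    if not is_tenant_id(tenant_id):
        raise ValueError(f"not a directory ID: {tenant_id!r}")
    return f"https://mysignins.microsoft.com/security-info?tenant={tenant_id.lower()}"


def replace_common_with_tenant(login_url: str, tenant_id: str) -> str:
    """The 'change common to the tenant ID' trick from the second answer.

    Only the '/common/' path segment of a login.microsoftonline.com URL is rewritten;
    query string and other segments are preserved.
    """
    if not is_tenant_id(tenant_id):
        raise ValueError(f"not a directory ID: {tenant_id!r}")
    parts = urlsplit(login_url)
    if parts.netloc.lower() != "login.microsoftonline.com":
        raise ValueError("expected a login.microsoftonline.com URL")
    segments = parts.path.split("/")
    if "common" not in segments:
        raise ValueError("URL has no 'common' path segment to replace")
    segments = [tenant_id.lower() if s == "common" else s for s in segments]
    return urlunsplit(parts._replace(path="/".join(segments)))


if __name__ == "__main__":
    # Offline demonstration on the constructed sample document.
    tid = tenant_id_from_openid_config(SAMPLE_OPENID_DOC)
    print("tenant id      :", tid)
    print("security info  :", security_info_url(tid))
    print("login request  :", replace_common_with_tenant(
        "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=EXAMPLE", tid))
    # Live lookup (uncomment to use): print(fetch_tenant_id("contoso.onmicrosoft.com"))
```

Run it as-is for the offline demonstration; to use it for a real guest tenant, call `fetch_tenant_id` with that tenant's domain and paste the resulting security-info URL into a private window, as the earlier answer recommends, so that you are certain which account you are signed in as.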