We are using SharePoint Online sites for collaboration with 3rd parties.
We ensure that our company accounts (which are synced from on-prem AD to Azure AD) are 2 factored for extra security.
We invite 3rd party accounts in in order to collaborate.
Is there any way that can I block 3rd party accounts that are not 2 factored to my SharePoint online site?
Or, what is the best way to approach this?
You can enforce a CA policy that requires MFA for guest users, if that's what you mean. Simply use the "all guest users" condition.
Can this be done on a subsite by subsite basis?
No, best you can do is by Site collection, but even that only covers some of the CA settings, not all.