Do not assume that everybody must use Azure-integrated AD and Exchange Online
Office 365 allows setting up various factors for MFA for normal users, but not for admin accounts.
Admin accounts have only two choices: phone and e-mail.
But for the e-mail, Microsoft assumes a priori that one must have Active Directory integrated with Azure and use Exchange Online as e-mail, so it refuses to allow the use of an e-mail from the same mail domain as the one registered with Office 365.
This means people have to use a private e-mail for recovery, making it potentially available/visible to other admins, or in any case sending work e-mail to less secure e-mail accounts.
When an organisation does not have the local AD integrated with the Azure one (we do not, both for security and privacy reasons) and/or does not use Exchange Online, the system should not refuse the use of an e-mail that corresponds to the domain registered in Office 365.
In this type of configuration, losing the password to Office 365/Azure AD will not mean losing the password to access the e-mail, which is on a local server and not in Exchange Online.