, swheaties wrote

I'm just saying that your phone number is not a requirement for your data to be secure or your identity to be confirmed.

Microsoft is not confirming your identity via your phone number. It is collecting information that is required by the payment company in return for being exempt from charges in the event that a payment is made using a stolen credit card.

It's standard practice when a large company takes large numbers of online payments in return for fungible goods or services that are not delivered to an address. Paypal uses the ~10c deposit into your account, Microsoft sends an SMS message to a phone that you control.