The flatulence about two factor auth is a red herring and not the subject of this thread. A phone is not any more of a security device than a laptop or a desktop or a wristwatch or an abacus. BTW please note that MS can, and does, obtain hardware ID's and various software ID's from computers and phones. This is only one of dozens of reasons why MS does not need to REQUIRE your phone number.
It was explained, fairly nicely, how SMS is better here. If you don't agree you have to address that, not just say that two factor auth is a red herring. BTW, hardware ID's and other such metadata aren't going to make for "good" solutions to the "something you have" argument about e-mail. Actually, it won't make for any kind of solution here.
It was already pointed out that the TOS does give you ironclad protection here. Like you say, it's not rocket science.
Honestly, very few things for which I get billed don't require both an address and a phone number, so I don't get the concern here. If a free service required my phone number I'd have to consider, but Azure isn't that. BTW, I have been asked for my phone number when purchasing something in a store on more than one occasion, so that little analogy you made earlier is more real than you seem to realize.