Enter your number - anyone can.
Probably that person received the activation code by E-mail or something else.
It seems to me that you did what is called "unauthorized access to someone else's account"; it is a crime, it is punishable. The fact that some idiot entered your phone number does not give you the right to intercept access to your account, change your password, etc.
Perhaps the rightful owner of the account will contact you - help him regain control of the account. Or contact M$ yourself and report the bug.

There are options.
For example, the user was the owner of this number some years ago, has already stopped using it, the number already belongs to the new owner, but Microsoft does not know anything about it.
Or the number was indicated at a time when it was not checked by SMS at all, and maybe even the phone number was an optional field that could easily be omitted or filled in with errors. After all, there were times when Microsoft did not have a single account, different databases could have very different data, and when merging an optional number, it got into the required ones.

There is an assumption that the code was chosen just by chance. That is, the attacker tried his luck and for several attempts entered the code that was sent to you.
Or he exploited a known SS7 vulnerability: https://xakep.ru/2017/05/05/ss7-attacks/