...Does their current method get around this? They let you make the account, then a week or two later at most when you log in, it flags you and tells you due to 'suspicious activity', you now have to enter a phone number to get in specifically- as the account is now locked out otherwise. And VOIP numbers and burner numbers are autodetected and the system says to find a different number...
Since they allow you to initially make the account, i wonder if that lets them 'attempt to' bypass this -
Also, if that became a pain point eventually, they could make it so accounts made with European IP addresses from certain regions avoid this. (I think i've read on Reddit that european players get affected, but after contacting microsoft and citing GDPR with a form, they unlocked it- alas, the US and the rest of the world is forced to give a number then (not counting south korea which is a special case i've read)
Since they allow you to initially make the account, i wonder if that lets them 'attempt to' bypass this -
Also, if that became a pain point eventually, they could make it so accounts made with European IP addresses from certain regions avoid this. (I think i've read on Reddit that european players get affected, but after contacting microsoft and citing GDPR with a form, they unlocked it- alas, the US and the rest of the world is forced to give a number then (not counting south korea which is a special case i've read)