Got answer from MS Support.
It's a known behavior of self-service sign-up, when somebody in the past created Skype or Teams account with email verified.
As for me, it's looks like the hole in the security... Because you can sell your dns domain, which once had a mail service, on-prem or in another cloud.
Then someone who buys this domain from you will find "new" auto-created active accounts after it is linked that domain to a AzureAD/365 tenant.