For me this was set in the Conditional Access Policy to Require MFA for all Users. In the Grant section of the Policy, if it is set to "Require multifactor authentication" or "Require Authentication Strength" > "Multifactor authentication". Both of these require SMS so a phone is setup during registration. See below
To fix this a new Authentication Strength needed to be added. See the picture below for the settings I used. Be careful with this as you will nbeed to make sure one of the options is the one you are using or you may get locked out. I was using Passwordless MFA, for example, so if this is not checked I will not be able to log back in.
Finally, after saving the Authentication Strengths Method, the browser needs to be refreshed then the new authentication strength added to the Conditional Access Policy.
The result is below
As you can see, no phone setup for a new user. There are other considerations like removing SMS from password recover, and setting up Authentication Methods under Security, but this was the main one the Authentication Strengths and in Conditional Access Policies that was main cause of always prompting for a phone number on MFA setup for me that I could not find elsewhere