That's a 2FA code generator. Basically there's a random number generator that uses the system date and time as one seed, and a saved unique code as the other seed, and that algorithm is running on MSFT's server and on the app on your phone. So you enter the number that your phone generates and it compares it to the number the server generates and if it's a match then that confirms it's you. Or at least it confirms that the person logging in has access to your phone...
But Google has an app that does the same thing if you prefer, or I think there might be an option for them to text you a code each time.