I closed my Outlook account a while ago, so I can't verify this right now, but, as I recall, when they first came out with 2FA it didn't seem (to me) quite as secure as Gmail's. I think it had to do with Outlook allowing a user to bypass the 2FA by using the security question challenge. IOW, if someone (the account owner himself/herself) didn't have use of the mobile phone anymore to receive codes and wanted/needed to disable 2FA, getting access to the account in those circumstances was just a matter of using the same security question & answer procedure that many hackers have likely been using on Hotmail accounts all along! Again, I can't remember the particulars at this point, but I know this made an immediate impression on me that Outlook's version of 2FA wasn't the same as what I had experienced in Gmail's in this regard.
With Gmail, I don't remember precisely what happens in such a case (and I really don't want to go through the rigamarole of disabling/reenabling 2FA just now), but I think that when someone loses a phone and the alternate code list, one must go through the entire account recovery process (not just the security question bit).