Because they are copying a much bigger companies procedures (like Microsoft or Google). MS has probably UX tested that with 5000 people and found it got the best user experience response.

There are a few reasons. Probably the biggest one is that it can make it easier to determine how your login should be authenticated.

For example, when you login to a Microsoft account, it first asks for your username. Once you enter that, Microsoft determines if it’s a personal or business account to redirect you to the appropriate login method.

It can also be used to first determine whether you have multi-factor authentication enabled or if they may need to present another method of validation (i.e. CAPTCHA).

A lot of websites allow users to activate a single sign on solution using technologies like SAML or OpenID. This allows the authentication to be offloaded to for example Google, AppleID, Microsoft AD or a companys own enterprise login solution. But in order to do that you need to know which SSO solution to use. And that likely means you need the email address so you can look it up. If there is an SSO associated with that account you get logged inn automatically using this service, if not then you get a regular password prompt.