Guardz, a cybersecurity company, uncovered a sophisticated phishing campaign exploiting Microsoft 365 infrastructure. The campaign involves manipulating Microsoft 365 tenant properties to embed phishing payloads within legitimate emails, bypassing traditional security measures. Guardz recommends enhanced detection and response tools, including email analysis, user awareness training, and phone verification, to protect against this attack vector.