Microsoft Entra B2B Guest Invitation Phishing Attack

The post describes a phishing attack where Microsoft sends the email directly, and targets interact with Microsoft-owned URLs. The attack does not require an attacker-controlled domain or traditional filter evasion techniques. The author claims to have implemented this method in a red team tool with awareness training and documented it in a blog.