Microsoft 365, Entra ID, and SharePoint are active targets in the BlackFile extortion campaign, which uses vishing and MFA fatigue to register attacker-controlled devices and exfiltrate data via legitimate SharePoint APIs. No CVE is involved; the attack surface is identity configuration, device enrollment policy, and API governance gaps. Separately, AI-assisted spear-phishing trends reported this week directly undermine Microsoft 365 email security controls built on signature and volume-anomaly detection.
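The MFA-fatigue-then-device-registration sequence described above can be hunted by correlating denied prompts, the eventual approval, and a following enrollment. This sketch is an added example, not part of the original brief; the event schema, thresholds, and sample events are constructed assumptions, not the Entra ID log format.

```python
from datetime import datetime, timedelta

# Thresholds are assumptions for illustration; tune them to your own baseline.
DENIAL_THRESHOLD = 3                   # denied prompts preceding an approval
BURST_WINDOW = timedelta(minutes=10)   # denials must fall this close to the approval
ENROLL_WINDOW = timedelta(minutes=30)  # approval -> device registration gap

# Constructed sample events in a simplified, hypothetical schema:
# (time, user, event type, device id). Not the Entra ID log format.
SAMPLE_EVENTS = [
    ("2025-01-01T09:00:00", "alice@example.com", "mfa_denied", None),
    ("2025-01-01T09:01:00", "alice@example.com", "mfa_denied", None),
    ("2025-01-01T09:02:00", "alice@example.com", "mfa_denied", None),
    ("2025-01-01T09:04:00", "alice@example.com", "mfa_approved", None),
    ("2025-01-01T09:10:00", "alice@example.com", "device_registered", "DEV-A1"),
    # Benign: approval with no preceding denials, then enrollment.
    ("2025-01-01T10:00:00", "bob@example.com", "mfa_approved", None),
    ("2025-01-01T10:05:00", "bob@example.com", "device_registered", "DEV-B1"),
    # Denial burst, but enrollment falls outside ENROLL_WINDOW.
    ("2025-01-01T11:00:00", "carol@example.com", "mfa_denied", None),
    ("2025-01-01T11:01:00", "carol@example.com", "mfa_denied", None),
    ("2025-01-01T11:02:00", "carol@example.com", "mfa_denied", None),
    ("2025-01-01T11:03:00", "carol@example.com", "mfa_approved", None),
    ("2025-01-01T13:00:00", "carol@example.com", "device_registered", "DEV-C1"),
]

def find_fatigue_enrollments(events):
    """Return (user, device, time) for each device registration that follows
    an MFA approval preceded by a burst of denied prompts."""
    parsed = sorted(((datetime.fromisoformat(t), u, k, d) for t, u, k, d in events),
                    key=lambda e: e[0])
    denials, suspect_until, hits = {}, {}, []
    for t, user, kind, device in parsed:
        if kind == "mfa_denied":
            denials.setdefault(user, []).append(t)
        elif kind == "mfa_approved":
            recent = [d for d in denials.pop(user, []) if t - d <= BURST_WINDOW]
            if len(recent) >= DENIAL_THRESHOLD:
                suspect_until[user] = t + ENROLL_WINDOW
        elif kind == "device_registered":
            if user in suspect_until and t <= suspect_until[user]:
                hits.append((user, device, t.isoformat()))
    return hits

if __name__ == "__main__":
    for hit in find_fatigue_enrollments(SAMPLE_EVENTS):
        print("review enrollment:", hit)
```

In production the same correlation would run over real sign-in and audit events, with each hit checked against the user's known devices before the enrollment is trusted.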