The Kali365 PhaaS platform exploits Microsoft’s OAuth 2.0 device authorization grant flow to hijack Microsoft 365 accounts, generating persistent refresh tokens that survive MFA and require no credential theft. All Microsoft 365 tenants that have not explicitly restricted device code flow via Conditional Access are exposed. No patch exists; remediation requires policy enforcement and behavioral detection in Entra ID and Microsoft Sentinel.
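One way to express the behavioral detection mentioned above, as an added example that is not from the original page: it scans sign-in records for successful device code authentications by accounts that are not expected to use that flow. The field names are assumed to follow the Entra ID sign-in log schema; the allowlist, accounts, and IP addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records; field names follow the Entra ID sign-in log
# schema (assumed export format), all values are made up for illustration.
def _ev(t, user, proto, ip, err=0):
    return {"createdDateTime": t, "userPrincipalName": user,
            "authenticationProtocol": proto, "ipAddress": ip,
            "status": {"errorCode": err}}

SAMPLE_SIGNINS = [
    _ev("2025-01-06T08:01:00Z", "alice@contoso.example", "none", "198.51.100.10"),
    _ev("2025-01-06T08:30:00Z", "roomdisplay@contoso.example", "deviceCode", "198.51.100.20"),
    _ev("2025-01-06T09:15:00Z", "alice@contoso.example", "deviceCode", "203.0.113.77"),
    # err=99999 is a constructed non-zero value standing in for any failure code.
    _ev("2025-01-06T09:20:00Z", "bob@contoso.example", "deviceCode", "203.0.113.77", err=99999),
    _ev("2025-01-06T10:00:00Z", "alice@contoso.example", "deviceCode", "198.51.100.10"),
]

# Hypothetical allowlist: accounts expected to use device code flow.
ALLOWED_DEVICE_CODE_USERS = {"roomdisplay@contoso.example"}

def find_suspect_device_code_signins(events, allowed_users):
    """Return successful device code sign-ins by users outside the allowlist."""
    seen_ips = defaultdict(set)  # user -> IPs with earlier successful sign-ins
    findings = []
    for ev in sorted(events, key=lambda e: e["createdDateTime"]):
        user = ev["userPrincipalName"].lower()
        ip = ev["ipAddress"]
        succeeded = ev.get("status", {}).get("errorCode") == 0
        if not succeeded:
            continue  # failed attempts issue no tokens; review them separately
        if ev.get("authenticationProtocol") == "deviceCode" and user not in allowed_users:
            reasons = ["device code flow outside allowlist"]
            if ip not in seen_ips[user]:
                reasons.append("no earlier successful sign-in from this IP")
            findings.append({"user": user, "time": ev["createdDateTime"],
                             "ip": ip, "reasons": reasons})
        seen_ips[user].add(ip)
    return findings

if __name__ == "__main__":
    for f in find_suspect_device_code_signins(SAMPLE_SIGNINS, ALLOWED_DEVICE_CODE_USERS):
        print(f["time"], f["user"], f["ip"], "; ".join(f["reasons"]))
```

A tenant that blocks device code flow through Conditional Access can run the same logic with an empty allowlist, so any successful device code sign-in becomes a finding.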

Author

Tech Jacks Solutions