This article discusses TokenFlare, a serverless framework for simulating phishing attacks on Entra ID and M365. It allows users to configure OAuth flows, deploy either locally or to Cloudflare, and includes built-in operational security features. The setup requires Python and Node.js, and it emphasizes authorized testing only.