Microsoft launched a new feature in Office 365 called Office 365 Attack Simulator. According to Microsoft, "you can run realistic attack scenarios in your organization. This can help you identify and find vulnerable users before a real attack impacts your bottom line". This feature can help your security team to do Phishing attack, Password-spray attack and Brute-force password attack. This feature is available in Office 365 E5 plans.
If you want more details, I invite you to read these articles :