Microsoft 365

Hal connects to each customer’s Microsoft 365 tenant via a per-tenant Azure app registration with 15 standard, read-only application permissions. Onboarding takes about an hour for the first tenant.

What Hal reads:

Unified Audit Log (sign-in events, mailbox access, file access, policy changes, DLP, service health)
Directory + identity state (users, groups, roles, conditional access)
Risk detections and sign-in logs (with the right Entra ID licensing)

For setup: see the Microsoft 365 onboarding guide (manual flow) or the script-based setup.