Your AI agents.
Your infrastructure.
Deploy hiroi in your own Azure tenant. Full data sovereignty, compliance controls, and Microsoft ecosystem integration — with the same powerful platform.
Your data never leaves your environment
Hiroi deploys directly into your Azure tenant with managed identity. No shared infrastructure, no data leakage, no third-party access.
Your Azure tenant
Runs in your own Azure subscription with managed identity authentication. No shared compute, no shared storage. Your infrastructure, your rules.
Bytecode-only distribution
Source code never leaves hiroi. Customers receive compiled .pyc packages only — source code not included.
HMAC-SHA256 signed licenses
Cryptographically signed license keys with configurable agent limits, expiry dates, and customer identification. Tamper-proof activation.
Scale-to-zero deployment
Azure Container Apps with scale-to-zero economics. Pay only for actual compute usage. Automatic scaling from zero to thousands of concurrent users.
Zero data leakage
All data — conversations, contacts, knowledge bases, analytics, and configurations — stays within your Azure tenant. No telemetry, no external API calls beyond what you configure. Your Azure SQL Database, your Azure OpenAI, your blob storage. Enterprise mode bypasses all SaaS billing infrastructure entirely.
Deep Microsoft integration, out of the box
A single Azure AD app registration connects login, calendar, email, Teams, SharePoint, and presence. Admin consent once — zero user prompts.
Azure AD Integration
Single app registration for login and Graph API. Admin consent eliminates per-user prompts. Delegated permissions: User.Read, Calendars.ReadWrite, Mail.Read, Mail.Send.
Microsoft Teams
Create Teams meetings directly from AI conversations. SCIM 2.0 user provisioning syncs your directory automatically. Bot Framework webhooks for Teams channel integration.
SharePoint RAG Sync
Sync documents from SharePoint sites and libraries directly into your agent's knowledge base. Incremental sync keeps content fresh. Always-current internal documentation.
Microsoft Graph Calendar
Read and write user calendars, book appointments, and check availability via Microsoft Graph. Tokens refresh automatically. Your AI agent becomes a scheduling assistant.
Microsoft Graph Email
Read and send email on behalf of users with full Mail.Read and Mail.Send support. Draft responses, triage inboxes, and send follow-ups through Outlook.
Presence & Availability
Check user availability (Available, Busy, DND, Away, Offline) via Graph API in real time. Smart routing before calls — never interrupt someone in a meeting.
Enterprise-grade security, built in
DLP, compliance archival, IP restrictions, audit logs, and automated data retention — everything regulated industries require.
DLP (Data Loss Prevention)
Auto-redact SSN, credit cards, API keys, private keys, passwords, phone numbers, and emails from conversations. Three sensitivity levels: high, medium, low. Configurable per-organization.
Compliance Archival
Archive conversation transcripts to SharePoint or Azure Blob Storage. Archival support for regulatory preservation. Async background archival that never impacts chat performance.
IP Allowlist
Restrict organization access by IP ranges. Only connections from approved corporate networks can reach your hiroi instance. Block unauthorized access at the network level.
Session Controls
Configurable session lifetime and inactivity timeout. Enforce re-authentication after defined periods. Fine-grained control over how long sessions stay active.
Audit Logs
Full audit trail of every action: logins, configuration changes, data access, permission modifications, and administrative operations. Immutable records for compliance reporting.
GDPR Data Retention
Automated cleanup of expired data via scheduled retention policies. Configurable retention periods per data type. Run manually or on an automated schedule.
Up and running in ~15 minutes
One-click from Azure Marketplace or an automated CLI script. No DevOps team required.
Deploy from Azure Marketplace
Find hiroi on the Azure Marketplace and click Deploy. The ARM template provisions Container Apps, Azure SQL Database, Blob Storage, and Key Vault automatically. Takes about 10 minutes.
Configure your environment
Add your Azure OpenAI endpoint, database URL, and license key to Container Apps environment variables. Everything else is auto-detected from managed identity.
Connect Azure AD
Register a single Azure AD app. Grant admin consent once. Users can now sign in with their Microsoft accounts — no additional setup per user.
Create your first agent
Sign in, create an agent, configure channels, and deploy. Your enterprise instance runs on the same full-featured platform as hiroi cloud — with your data, your infrastructure.
| Variable | Description |
|---|---|
HIROI_LICENSE_KEY | Signed enterprise license key from hiroi |
DATABASE_URL | Azure SQL connection string (mssql+pyodbc) |
AZURE_OPENAI_ENDPOINT | Your Azure OpenAI resource endpoint |
FLASK_SECRET_KEY | Flask session secret (min 32 random bytes) |
MICROSOFT_CLIENT_ID | Azure AD app registration client ID |
MICROSOFT_CLIENT_SECRET | Azure AD app client secret |
MICROSOFT_TENANT_ID | Azure AD tenant ID (must be actual tenant, not 'common') |
CALENDAR_TOKEN_KEY | Fernet key for OAuth token encryption |
Ready to deploy in your tenant?
Talk to us about your infrastructure, compliance requirements, and timeline. We’ll scope a pilot and get you running in days, not months.