SpamSentinel for Microsoft Exchange Server has a really small footprint.  It doesn't even need local engines.  As long as you have Microsoft Exchange Server 2010 - 2019.  The download page has all the requirements.

We're just another transport agent to Microsoft Exchange Server, we stamp the proper SCL

About 10 minutes start to finish, including configuration.

No, but you are welcome to if you feel the need.  Microsoft Exchange Servers are very forgiving when installing software while "live"

Live body.  You could honestly have a Microsoft Exchange Server for each user, not that you'd want to.  It would not cost any more.  

You can freely move between platforms at no additional cost.  There's a point in time though you'll have to make a decision on how mail will flow and how we will fit into what you are trying to accomplish. Where you maintain lists. 

Our hosted solution involved simple MX redirects, a partner connector, and some rules on Microsoft 365. 

Our 2ndLookSecurity solution (which is powered by our SpamSentinel Cloud, hosted on Azure) involves using Microsoft 365 as your end point.  We're an application that runs in your tenant.  Scanning in the background, but the user has the 2ndLookSecurity app in the Microsoft Outlook App or Microsoft 365 Webmail.  You still get all of the power of SpamSentinel checking for spam, viruses, phishing but your end users will be confident that the sender of an email is who they purport to be

You can also do a combination of the two.