I haven't used this app, so I'm not personally familiar with it. It looks like a device admin app, which means, depending on the setup, your company could have admin access to your phone. That means having way more permissions than a standard app, even having the permission to remotely wipe your phone. It's not surprising that a device admin app would have access to hardware identifiers, though I don't know how that works on GrapheneOS.
You can look over Android docs about device administration to get an idea of what they can do, specifically the sections on policies and other features following that table of policies.
Check out what Intune can do from the management console: https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune
If you don't want this app, your employer, or Microsoft to have special access to your phone's settings, don't give the app device admin privileges. I think it's unlikely you'd get access to the 365 apps without giving Intune admin access.
Personally, I wouldn't do it. If an employer needs an employee to do work from their phone, the company can give them a work phone. Alternatively, they could create a managed email that gives access to these apps. Using Intune to take over users' personal phones seems like crazy overreach to me.
Btw, if you want to see if you already gave the app access to device admin, check settings here: Settings > Apps > Special app access > Device admin apps > Company Portal