Documentation

Welcome
Intro to Bear DecisionsBear Decisions on your DeviceAuthenticationAccount TypesYour First Analysis (Example)
OverviewCreating AnalysesInterpreting ResultsSettings & ConfigurationAutomatic Macro ExecutionBest Practices
Enterprise AdministrationTechnical Authentication DetailsIT Approval Guide

Blocked by IT? Here's what they need to know

Some organisations restrict the installation of Excel Add-ins by default. Here's the key information to help your IT team approve Bear Decisions, and get it into your paws quickly.

Bear Decisions is distributed through Microsoft AppSource

Bear Decisions is listed on the official Microsoft Marketplace (AppSource ID: WA200009933).

Add-ins from AppSource are vetted by Microsoft, and many IT policies can be updated to allow specific AppSource listings without opening broader Add-in access.

Your IT team can also centrally deploy Bear Decisions via the Microsoft 365 Admin Centre, pushing it to specific users or groups rather than requiring individual installations.

Authentication & Permissions

SSO is integrated with Microsoft Entra ID, and is the recommended authentication method for Bear Decisions - allowing for system admins to manage user accounts and permissions centrally, just like any other Enterprise App within Microsoft 365.

Specifically, Bear Decisions uses Microsoft's recommended authentication standard for Office Add-ins (Nested App Authentication / NAA via Microsoft Entra ID). A few points that are relevant to most IT security reviews:

  • No admin consent required — authentication uses only standard user-level OIDC scopes (openid, profile)
  • No Microsoft Graph API calls — Bear Decisions does not request access to your email, files, calendar, or any other Microsoft 365 data
  • Sign-in is handled entirely through Microsoft's own infrastructure (login.microsoftonline.com)

For personal Microsoft accounts or older versions of Office, Bear Decisions offers an alternative sign-in via Supabase (email-based OTP), which is equally minimal in scope.

What data is collected

Bear Decisions collects only what is necessary to provide the service:

  • Authentication details (email address, Microsoft tenant ID, and object ID) — used solely to verify your licence
  • Standard web request data (IP address) — collected by our hosting provider (Vercel) as part of normal CDN operation

Your workbook data is never transmitted.

All analysis runs locally within Excel. Nothing from your spreadsheet is sent to Baby Bear Analytics servers.

Full details are available in our Privacy Policy and Technical Authentication Details.

Office version requirement

Bear Decisions requires Office May 2025 or later (for Microsoft SSO sign-in). If your organisation is on an older Office channel, the Supabase email sign-in option may be available — contact us to discuss.

Need to send this to your IT team?

Forward them this page and the Technical Authentication Details page. If your organisation requires a formal security questionnaire or vendor approval form, get in touch and we'll turn it around promptly.