Version: 1.0.0
Last modified: 30. 1. 2023
At a glance
Zebra BI for Microsoft Office is an add-in for Microsoft Excel and Microsoft PowerPoint obtainable solely via Microsoft AppSource. Zebra BI empowers users to create standardized and impactful dashboards in a few clicks with only limited training and no programming. It runs entirely in the Office sandbox environment and neither collects nor stores any user data outside its local running environment. As such it avoids most of the security risks SaaS BI solutions usually introduce.
Introduction
Zebra BI for Office comprises two add-ins:
- Zebra BI Tables for Office
- Zebra BI Charts for Office
Both add-ins are available for Excel and PowerPoint.
Zebra BI Tables for Excel, Zebra BI Tables for PowerPoint, Zebra BI Charts for Excel, and Zebra BI Charts for PowerPoint are all official Microsoft Office Add-ins and thereby comply with all of Microsoft’s publishing requirements and processes as specified in Deploy and publish Office Add-ins and Commercial marketplace certification policies.
Obtaining Zebra BI for Office
Zebra BI for Office can only be obtained from Microsoft AppSource. The add-in code is served via HTTPS from an Azure App Server controlled by Zebra BI.
As with all AppSource add-ins, updates are seamless and automatic.
Running Zebra BI for Office
Environment
Zebra BI for Office runs in a sandboxed environment within Microsoft Office and accesses user data only through Microsoft's Office add-ins API.
After the add-in has been inserted, no further data or code is fetched from anywhere.
Supported Microsoft Office versions
Retail license: Office 2016, 2019, 2021, Office 365: Version 2105 (Build 14026.20308)
Volume license: Office 2021: Version 1808 (Build 10730.20102)
Authentication
Authentication is done via Microsoft SSO.
Required permissions and access to account data
Permissions required to run Zebra BI for Office are profile and openid, as defined in Microsoft Graph API.
These are in turn used to get the following account data via MSAL:
- tenant ID: unique identification of the organization to which the user belongs, as assigned by Microsoft,
- object ID: unique identification of the user, as assigned by Microsoft,
- full name: full name of the user identified by object ID,
- email: email of the user identified by object ID.
Data obtained thereby is used for license verification and is not retained.
Users wishing to use data linking from Excel to PowerPoint also need to grant Zebra BI for Office read permission to Microsoft SharePoint.
License verification
The license is verified each time the Zebra BI for Office add-in is loaded. The verification is performed via an external license server fully developed and run by Zebra BI.
The licensing server receives a JSON Web Token (JWT) containing tenant ID, object ID, and email and responds with license information. Communication with the Zebra BI licensing server is done via a secure HTTPS connection. The server is running on Microsoft Azure.
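A reviewer can check the statement above against a license-check token captured from their own session. The following is an added example, not Zebra BI code; the claim names `tid`, `oid` and `email` are assumed from Microsoft identity platform ID tokens, since the page does not name the token's fields, and the sample tokens are constructed.

```javascript
// Added example: audit which claims a captured license-check JWT carries.
// Assumption: claim names follow Microsoft identity platform ID tokens.
// This inspects content only; it does not verify the token's signature.
const DOCUMENTED = { tid: "tenant ID", oid: "object ID", email: "email" };
// Registered claims (RFC 7519) are not counted as extra account data here.
const REGISTERED = new Set(["iss", "sub", "aud", "exp", "nbf", "iat", "jti"]);

function b64urlToJson(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

function auditLicenseToken(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("expected 3 JWT segments");
  const header = b64urlToJson(parts[0]);
  const payload = b64urlToJson(parts[1]);
  const missing = Object.keys(DOCUMENTED).filter((c) => !(c in payload));
  const undocumented = Object.keys(payload).filter(
    (c) => !(c in DOCUMENTED) && !REGISTERED.has(c)
  );
  return {
    alg: header.alg,
    unsigned: String(header.alg).toLowerCase() === "none" || parts[2] === "",
    missing,
    undocumented,
    ok: missing.length === 0 && undocumented.length === 0,
  };
}

// Constructed sample tokens: fake identifiers, placeholder signature.
function makeSample(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(payload)}.c2lnbmF0dXJl`;
}
const BASE = {
  tid: "00000000-0000-0000-0000-000000000001",
  oid: "00000000-0000-0000-0000-000000000002",
  email: "user@example.com",
  exp: 1700000000,
};
const SAMPLE_OK = makeSample(BASE);
// A token that also carries the full name and group data gets flagged.
const SAMPLE_EXTRA = makeSample({ ...BASE, name: "Example User", groups: ["finance"] });
```

`auditLicenseToken(SAMPLE_EXTRA).undocumented` lists `name` and `groups`, the fields that go beyond the three the page says the licensing server receives.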

User and permission management
As Zebra BI for Office is an Office Add-in, all user and permission management is done in Microsoft Office itself.
User data handling
Zebra BI for Office runs in a sandboxed environment within Microsoft Office and accesses user data only through Microsoft's Office add-ins API. Zebra BI neither collects nor stores any user data outside the local running environment.
For the most part, user data access is read-only. The only exceptions are:
- the optional "generate dummy data" functionality for easier data preparation in Zebra BI for Excel, which uses the write-back functionality of the Microsoft Office JavaScript API to fill the dummy data into the Excel spreadsheet;
- when inserting a Zebra BI Table or Chart into PowerPoint the data backing it is stored as a spreadsheet component embedded in the PowerPoint document. No other parts of the presentation are touched (neither written to, nor read from).
Development practices
Code for Zebra BI is stored using version control. We employ 4-eye review with branch protection, and a push to production deployment is only possible by a pull request. Therefore any changes to the code and the deployed version have an audit trail and can only be done by select employees.
Human resource security
Zebra BI checks the background of all employees to the extent permissible by applicable national and EU legislation.
We annually review permissions and access levels of all employees.
Permission and access revocation is part of our standard offboarding.
Vulnerability Management
We have in place a continual process of identifying, prioritizing, mitigating and remediating vulnerabilities.
Scope
We apply the same vulnerability management process to all Zebra BI software as well as all systems that are involved in serving or operating the former.
Standard
- Application (add-in, license server) vulnerability scanning must occur on a minimum of a monthly basis.
- Infrastructure (operating systems and databases) vulnerability scanning must occur on a minimum of a monthly basis.
- Vulnerability scanners must be up to date (latest version).
- Third party penetration testing must be performed annually.
- Vulnerability remediation SLA timeframes begin as soon as a vulnerability is detected.
Vulnerability Reporting
Security vulnerabilities are to be reported to security@zebrabi.com and only there.
Our vulnerability handling process follows the ISO/IEC 30111 standard.
END OF SECURITY ASSESSMENT