Document Details
Kql Jobs
This page contains Windows bias
About This Page
This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
Bias Analysis
Detected Bias Types
windows_first
windows_tools
missing_linux_example
Summary
The documentation page demonstrates a Windows bias primarily through its exclusive use of Azure portal GUI instructions, which are most commonly accessed from Windows environments. The only explicit OS mentioned in the job templates is 'Windows' (e.g., 'Windows suspicious login outside normal hours'), with no equivalent Linux-focused examples or templates. There are no references to Linux tools, shell commands, or CLI alternatives (such as Azure CLI, Bash, or PowerShell cross-platform usage), nor are Linux-specific scenarios or logs (e.g., syslog, auditd) covered. The workflow and screenshots are tailored to the Defender portal and Azure portal, which are typically used in Windows-centric environments.
Recommendations
- Add Linux-focused job templates (e.g., anomaly detection for Linux authentication logs, process execution baselines for Linux hosts, Linux network traffic analysis).
- Include examples and instructions for creating and managing jobs using Azure CLI, Bash, or cross-platform tools, not just the Azure portal GUI.
- Reference Linux log sources (such as syslog, auditd, or Linux endpoint logs) in template examples and documentation.
- Provide parity in troubleshooting and operational guidance for Linux-based environments, including common error messages and best practices.
- Explicitly mention that the workflow is supported on non-Windows platforms and clarify any platform-specific limitations.
Create Pull Request
Scan History
| Date | Scan | Status | Result |
|---|---|---|---|
| 2026-01-14 00:00 | #250 | in_progress |
 Clean
|
| 2026-01-13 00:00 | #246 | completed |
Clean
|
| 2026-01-11 00:00 | #240 | completed |
Biased
|
| 2026-01-10 00:00 | #237 | completed |
Clean
|
| 2026-01-09 00:34 | #234 | completed |
Clean
|
| 2026-01-08 00:53 | #231 | completed |
Clean
|
| 2026-01-06 18:15 | #225 | cancelled |
Clean
|
| 2025-08-22 00:01 | #88 | completed |
Clean
|
| 2025-08-20 00:01 | #86 | completed |
Clean
|
| 2025-08-19 00:01 | #85 | completed |
Clean
|
| 2025-08-17 00:01 | #83 | cancelled |
Clean
|
| 2025-07-23 00:00 | #58 | completed |
Clean
|