Document Details

Threat Modeling Tool Authentication
Home / Scan #250 / Threat Modeling Tool Authentication
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
windows_tools
powershell_heavy
missing_linux_example
Summary
The documentation page for authentication mitigations in the Microsoft Threat Modeling Tool shows a moderate Windows bias. Windows Authentication is recommended as the default for SQL Server, and Windows-based authentication is listed before other mechanisms in several places. Windows-specific tools (e.g., Windows Server certificate service, MSMQ, WCF) are referenced without Linux/macOS equivalents or alternatives. Examples and configuration snippets are primarily for Windows-centric technologies (WCF, MSMQ, .NET Framework), with little to no mention of Linux/macOS-compatible patterns or tools. There are no PowerShell examples, but the overall pattern prioritizes Windows technologies and omits Linux/macOS-specific guidance.
Recommendations
  • For SQL Server authentication, explicitly mention and provide examples for cross-platform alternatives (e.g., SQL authentication, Azure AD authentication) and clarify when Windows Authentication is not applicable.
  • When referencing certificate authorities, include Linux-compatible options (e.g., OpenSSL, Let's Encrypt) and provide guidance for Linux/macOS environments.
  • For MSMQ and WCF, note their Windows-specific nature and suggest cross-platform messaging alternatives (e.g., RabbitMQ, Apache Kafka) for non-Windows environments.
  • When listing authentication mechanisms, avoid listing Windows-based options first; present options in a neutral order and clarify platform applicability.
  • Add Linux/macOS-specific examples or references where possible, especially for authentication, certificate management, and messaging.
  • Where .NET examples are given, clarify .NET Core/.NET 5+ cross-platform support and provide links to relevant documentation.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Clean Clean
2025-07-12 23:44 #41 cancelled Biased Biased

Flagged Code Snippets