Best Practices Data - Document Details

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.

View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types

windows_first

windows_tools

powershell_heavy

Summary

The documentation provides both Windows and Linux guidance for data collection in Microsoft Sentinel, but Windows-specific tools and patterns (such as Windows Event Forwarding, PowerShell, and Windows-centric agent configuration) are frequently mentioned first or exclusively in several sections. Some examples and solutions for Windows (e.g., PowerShell, Windows Event Forwarding) are more detailed or appear before Linux equivalents, and endpoint log collection mentions Windows Event Forwarding but omits Linux endpoint examples. However, Linux solutions are present and described in parallel tables, and most tasks are achievable on both platforms.

Recommendations

Ensure that Linux examples and solutions are presented with equal prominence and detail as Windows ones, especially in endpoint log collection and custom log ingestion sections.
Add Linux-specific endpoint log collection examples (e.g., using auditd, Sysmon for Linux, or EDR connectors for Linux endpoints).
When listing solutions, alternate the order or group by platform to avoid Windows-first presentation.
Provide PowerShell alternatives for Linux/macOS (e.g., Bash, Python scripts) where PowerShell is suggested for custom log collection.

Create Pull Request

Scan History

Date	Scan	Status	Result
2026-01-14 00:00	#250	in_progress	Biased
2026-01-13 00:00	#246	completed	Biased
2026-01-11 00:00	#240	completed	Biased
2026-01-10 00:00	#237	completed	Biased
2026-01-09 00:34	#234	completed	Biased
2026-01-08 00:53	#231	completed	Biased
2026-01-06 18:15	#225	cancelled	Clean
2025-08-17 00:01	#83	cancelled	Clean
2025-07-13 21:37	#48	completed	Clean
2025-07-12 23:44	#41	cancelled	Biased