Document Details

Quick Secure Virtual Hub Bicep
Home / Scan #2 / Quick Secure Virtual Hub Bicep
Sad Tux - Windows bias detected
This page contains Windows bias

About This Page

This page is part of the Azure documentation. It contains code examples and configuration instructions for working with Azure services.
GitHub View on GitHub 📚 View on Microsoft Learn

Bias Analysis

Detected Bias Types
windows_first
missing_linux_example
windows_tools
Summary
The documentation demonstrates a Windows bias by exclusively deploying and referencing Windows Server 2019 virtual machines for testing, instructing users to use Remote Desktop and Internet Explorer (both Windows-specific tools), and omitting any mention or example of Linux-based virtual machines or tools for firewall validation. While deployment steps are provided for both Azure CLI and PowerShell, the validation and testing sections assume a Windows environment only.
Recommendations
  • Include parallel instructions for deploying and testing with Linux virtual machines, such as Ubuntu or CentOS.
  • Provide examples of connecting to Linux VMs using SSH, and testing allowed/blocked outbound connections with tools like curl or wget.
  • Mention and demonstrate browser-based validation steps that are OS-agnostic, or show how to test connectivity from a Linux shell.
  • Avoid referencing only Windows-specific tools (e.g., Remote Desktop, Internet Explorer) and instead offer cross-platform alternatives.
  • Explicitly state that the scenario works for both Windows and Linux VMs, and provide guidance for both.
GitHub Create Pull Request

Scan History

Date Scan Status Result
2026-01-14 00:00 #250 in_progress Biased Biased
2026-01-13 00:00 #246 completed Biased Biased
2026-01-11 00:00 #240 completed Biased Biased
2026-01-10 00:00 #237 completed Biased Biased
2026-01-09 00:34 #234 completed Biased Biased
2026-01-08 00:53 #231 completed Biased Biased
2026-01-06 18:15 #225 cancelled Clean Clean
2025-08-17 00:01 #83 cancelled Clean Clean
2025-07-13 21:37 #48 completed Biased Biased
2025-07-09 13:09 #3 cancelled Clean Clean
2025-07-08 04:23 #2 cancelled Biased Biased

Flagged Code Snippets

    New-AzResourceGroup -Name exampleRG -Location eastus
    New-AzResourceGroupDeployment -ResourceGroupName exampleRG -TemplateFile ./main.bicep -adminUsername "<admin-user>"
    
# [PowerShell](#tab/PowerShell)


---

Now, test the firewall rules to confirm that it works as expected.

1. From the Azure portal, review the network settings for the **Workload-Srv** virtual machine and note the private IP address.
2. Connect a remote desktop to **Jump-Srv** virtual machine, and sign in. From there, open a remote desktop connection to the **Workload-Srv** private IP address.
3. Open Internet Explorer and browse to `www.microsoft.com`.
4. Select **OK** > **Close** on the Internet Explorer security alerts.

   You should see the Microsoft home page.

5. Browse to `www.google.com`.

   You should be blocked by the firewall.

Now you've verified that the firewall rules are working, you can browse to the one allowed FQDN, but not to any others.

## Clean up resources

When you no longer need the resources that you created with the firewall, use Azure portal, Azure CLI, or Azure PowerShell to delete the resource group. This removes the firewall and all the related resources.

# [CLI](#tab/CLI)


# [PowerShell](#tab/PowerShell)