Security

116
Total Pages
38
Linux-Friendly Pages
78
Pages with Bias
67.2%
Bias Rate

Bias Trend Over Time

Pages with Bias Issues

380 issues found
Showing 276-300 of 380 flagged pages
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/management.md ...blob/main/articles/security/fundamentals/management.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 4 bias types
Detected Bias Types
Powershell Heavy Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates a strong Windows bias throughout. It consistently references Windows-specific tools (such as AppLocker, Hyper-V, Group Policy, Windows Firewall, BitLocker, and MMC), and management patterns (GPOs, AD DS, Windows PowerShell) without mentioning Linux or cross-platform equivalents. All example scenarios, hardening recommendations, and diagrams are Windows-centric. There are no Linux or macOS management examples, nor are Linux-native tools, security controls, or hardening strategies discussed. The document assumes the reader is operating in a Windows/Active Directory environment.
Recommendations
  • Include equivalent Linux (and macOS, if relevant) management and hardening examples, such as using iptables/nftables for firewalling, SELinux/AppArmor for execution restriction, and sudoers for least privilege.
  • Reference cross-platform Azure management tools, such as Azure CLI and Azure Cloud Shell, and provide usage examples for Linux/macOS terminals.
  • Discuss Linux-native security practices (e.g., SSH key management, PAM configuration, systemd service hardening) alongside Windows recommendations.
  • Mention open-source or cross-platform alternatives to Windows tools (e.g., instead of AppLocker, discuss AppArmor/SELinux policies; instead of GPO, discuss configuration management tools like Ansible, Puppet, or Chef).
  • Clarify which recommendations are Windows-specific and provide parallel guidance for non-Windows environments.
  • Add diagrams and scenarios that show Linux (and possibly macOS) endpoints as management workstations.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/measured-boot-host-attestation.md ...ecurity/fundamentals/measured-boot-host-attestation.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation page demonstrates a Windows bias by referencing TPM and Secure Boot primarily through Microsoft and Windows-centric links and terminology. All referenced documentation and examples are Windows-specific, with no mention of Linux equivalents, tools, or procedures. The TPM link directs to Windows documentation, and there is no discussion of how measured boot or attestation would be implemented or verified on Linux hosts, despite TPM and Secure Boot being cross-platform technologies.
Recommendations
  • Include references to Linux TPM and Secure Boot documentation, such as links to tpm2-tools, Linux kernel documentation, or relevant distributions' security guides.
  • Provide examples or explanations of how measured boot and attestation are performed or validated on Linux hosts, including typical tools and log locations (e.g., tpm2_pcrread, journalctl, /sys/kernel/security/ima).
  • Mention Linux-specific attestation frameworks (such as Keylime or IMA/EVM) and how they integrate with Azure's attestation service, if applicable.
  • Balance the documentation by explicitly stating that the described technologies are cross-platform and outlining any Azure-specific differences or requirements for Linux hosts.
  • Add a section or callout box comparing Windows and Linux attestation flows, highlighting any differences in implementation or support.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/isolation-choices.md ...in/articles/security/fundamentals/isolation-choices.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 4 bias types
Detected Bias Types
🔧 Windows Tools Windows First Powershell Heavy Missing Linux Example
Summary
The documentation demonstrates a Windows-centric bias by referencing Windows tools and patterns (such as Windows Firewall, BitLocker, Active Directory Federation Services, and Group Policy) without equivalent Linux examples or alternatives. Windows terminology and technologies are often mentioned first or exclusively, and there is a lack of Linux-specific operational guidance or command-line examples. While Linux is occasionally referenced (e.g., dm-crypt, mdadm), these mentions are brief and lack the depth or parity given to Windows technologies.
Recommendations
  • Provide Linux-specific operational examples and guidance alongside Windows examples, such as using iptables/firewalld instead of only referencing Windows Firewall.
  • When discussing identity and access management, include Linux-compatible solutions or clarify how Linux VMs integrate with Azure identity services.
  • For encryption, offer detailed Linux usage patterns (e.g., step-by-step dm-crypt or LUKS setup) in parity with BitLocker explanations.
  • Mention and explain Linux-native tools (e.g., SELinux, AppArmor, systemd-networkd) where relevant to isolation and security.
  • Ensure that references to PowerShell or Windows command-line tools are balanced with Bash/CLI examples for Linux.
  • Avoid using Windows terminology as the default; instead, present both Windows and Linux options equally, or clarify when a feature is platform-agnostic.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/operational-checklist.md ...rticles/security/fundamentals/operational-checklist.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Windows First Missing Linux Example
Summary
The documentation page demonstrates a Windows bias by referencing Windows-specific technologies (e.g., SMB 3.0 for encryption), linking to Windows documentation, and mentioning Windows tools or protocols without Linux equivalents or parity. In some cases, Linux is mentioned, but only after Windows, and there is a lack of Linux-specific examples or guidance for several security controls.
Recommendations
  • When referencing protocols like SMB, also mention NFS or other Linux-friendly protocols for Azure File Shares, and provide links to relevant Linux documentation.
  • Ensure that encryption guidance for Azure Disk Encryption links to both Linux and Windows documentation equally, and in parallel, not with Windows first or exclusively.
  • Add Linux-specific examples or references for operational security tasks, such as using Linux command-line tools or scripts for monitoring, access control, and encryption.
  • Where tools or protocols are Windows-centric (e.g., SMB), explicitly note Linux alternatives and provide guidance for Linux users.
  • Review all checklist items to ensure Linux and open-source tool parity, and avoid defaulting to Windows-first language or examples.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/paas-applications-using-sql.md ...s/security/fundamentals/paas-applications-using-sql.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation demonstrates a Windows bias by referencing Windows authentication patterns (such as 'integrated Windows authentication') and Windows-centric tools (like SQL Server Management Studio) without mentioning Linux equivalents or cross-platform alternatives. There are no examples or guidance for Linux-based authentication or tooling, and the language assumes a Windows environment for several security features.
Recommendations
  • Include examples and explanations for Linux-based authentication methods, such as using Azure CLI or cross-platform tools to connect with Microsoft Entra ID.
  • Mention cross-platform database management tools (e.g., Azure Data Studio) alongside SQL Server Management Studio.
  • Clarify that Microsoft Entra authentication and other features are supported on non-Windows platforms, and provide links or examples for Linux/macOS users.
  • Avoid language that assumes a Windows environment (e.g., 'integrated Windows authentication') or, if mentioned, immediately provide Linux/macOS alternatives.
  • Add explicit sections or callouts for Linux users, especially regarding firewall configuration, authentication, and encryption management.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/paas-deployments.md ...ain/articles/security/fundamentals/paas-deployments.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 4 bias types
Detected Bias Types
Windows First Powershell Heavy 🔧 Windows Tools Missing Linux Example
Summary
The documentation demonstrates a Windows bias primarily by referencing Windows-centric tools and patterns (such as PowerShell remoting and RDP) before or instead of Linux equivalents. Examples and recommendations for remote management mention PowerShell and RDP, but do not provide equal emphasis or examples for Linux tools (such as SSH or Linux-native management practices). There are no Linux-specific command examples, and the documentation assumes familiarity with Microsoft/Windows-centric security tooling and identity platforms, with little mention of open-source or Linux-native alternatives.
Recommendations
  • When discussing remote management, provide parallel examples for both Windows (PowerShell, RDP) and Linux (SSH, SCP, Linux-native management tools).
  • List SSH before or alongside RDP and PowerShell remoting, and clarify that SSH is the standard for Linux VM management.
  • Include Linux-specific security best practices and tools (e.g., SELinux, iptables, fail2ban) where appropriate.
  • Offer example commands or configuration snippets for both Windows and Linux environments when discussing security controls or remote access.
  • Reference open-source identity and authentication solutions (such as SSSD, PAM, or integration with Azure AD via Linux tooling) where relevant.
  • Ensure that documentation language and examples are inclusive of both Windows and Linux users, especially in sections on VM management, authentication, and monitoring.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/production-network.md ...n/articles/security/fundamentals/production-network.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation page demonstrates a Windows bias by exclusively referencing Windows Firewall as the native and guest firewall solution within Azure, without mentioning Linux firewall equivalents (such as iptables, nftables, or firewalld). There are no examples or explanations for how firewalling or security controls are implemented or managed on Linux-based Azure VMs. The discussion of firewall configuration and management is framed in terms of Windows tools and patterns, and Windows is mentioned first and exclusively in relevant sections.
Recommendations
  • Explicitly mention Linux firewall solutions (e.g., iptables, nftables, firewalld) alongside Windows Firewall when discussing native and guest firewalls.
  • Describe how firewall rules and security controls are managed on Linux-based Azure VMs, including any Azure-specific integration or recommendations.
  • Provide examples or references for both Windows and Linux environments when discussing security configuration, to ensure parity and inclusivity.
  • Avoid language that implies Windows is the default or only supported environment for firewalling and security controls in Azure.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/operational-security.md ...articles/security/fundamentals/operational-security.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation demonstrates a Windows bias by frequently referencing Windows-specific tools, services, and logs before or instead of their Linux equivalents. Examples and descriptions often focus on Windows environments (e.g., Windows event logs, Windows servers, System Center Data Protection Manager) with limited or no mention of Linux-specific tools, logs, or workflows. Where Linux is mentioned, it is typically as an afterthought or in a secondary position. There are few, if any, Linux-specific examples or guidance, and some monitoring and diagnostic sections omit Linux details entirely.
Recommendations
  • Provide Linux-specific examples and workflows alongside Windows examples, such as using syslog for Linux event collection.
  • When describing features (e.g., Azure Monitor logs, Diagnostics), explicitly mention Linux support and detail how to configure and use these features on Linux systems.
  • Avoid using Windows tools (e.g., PowerShell, System Center DPM) as the default or only example; include equivalent Linux tools (e.g., Bash, rsyslog, cron) where applicable.
  • In tables and feature lists, ensure parity by listing both Windows and Linux capabilities and agents equally.
  • Add Linux-focused troubleshooting and configuration guidance, such as how to install and configure the Azure Monitor agent on Linux, and how to collect and analyze Linux logs.
  • Review and update diagrams and screenshots to include Linux scenarios, not just Windows-centric ones.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/ransomware-features-resources.md ...security/fundamentals/ransomware-features-resources.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation demonstrates a subtle Windows bias by mentioning Windows-specific tools (e.g., Windows Hello) before or instead of Linux equivalents, and by referencing Windows authentication and security features without parallel Linux examples. While Linux is mentioned as supported in some features, there are no Linux-specific tools, commands, or examples provided. The authentication section, in particular, highlights Windows Hello but omits Linux authentication options. No Linux command-line or configuration examples are present, and the documentation does not address Linux-specific ransomware mitigation strategies or tools.
Recommendations
  • When listing authentication options, include Linux-compatible solutions (e.g., FIDO2 keys, PAM modules) alongside Windows Hello.
  • Provide Linux-specific examples or references for endpoint protection, backup, and recovery (e.g., how Azure Backup interacts with Linux VMs, or how to configure Defender for Cloud on Linux).
  • Include Linux command-line examples (e.g., bash, systemd, or auditd) where relevant, especially in sections discussing detection, response, or automation.
  • Explicitly mention Linux security features or best practices (e.g., SELinux, AppArmor, Linux file system permissions) in the context of ransomware defense.
  • Balance the order of presentation so that Linux and Windows are given equal prominence when discussing supported platforms or features.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/service-fabric-best-practices.md ...security/fundamentals/service-fabric-best-practices.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 4 bias types
Detected Bias Types
Powershell Heavy Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation demonstrates a Windows bias by prioritizing Windows tools and patterns (such as PowerShell and Windows Server certificate services), referencing Windows-specific security options, and omitting equivalent Linux guidance or examples. There are no Linux/CLI examples or mentions of Linux-specific deployment or security practices, and Windows terminology is used as the default throughout.
Recommendations
  • Provide equivalent examples and instructions for Linux environments, including using Azure CLI, Bash scripts, and Linux certificate management tools.
  • Mention Linux support and patterns alongside Windows, rather than only referencing Windows or listing it first.
  • Include guidance for securing Service Fabric clusters running on Linux, such as using OpenSSL for certificate creation and management.
  • Reference cross-platform tools and APIs (e.g., REST, Azure CLI) wherever possible, and clarify when a feature or tool is Windows-only.
  • Add explicit Linux sections or callouts for each best practice, ensuring Linux administrators are equally supported.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/ransomware-detect-respond.md ...les/security/fundamentals/ransomware-detect-respond.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates a Windows bias by focusing exclusively on Microsoft and Windows-centric tools (e.g., Defender for Cloud, Defender for Endpoint, PowerShell logs), mentioning Windows-specific attack vectors (RDP), and omitting equivalent Linux detection and response strategies or tools. There are no Linux-specific examples, guidance, or references to Linux security logs, tools, or incident response workflows.
Recommendations
  • Include Linux-specific detection and response guidance, such as monitoring Linux audit logs, syslog, or journald for ransomware indicators.
  • Provide examples of Linux endpoint protection tools (e.g., Microsoft Defender for Endpoint on Linux, ClamAV, or other EDR solutions) and how to use them for containment and mitigation.
  • Mention Linux-specific attack vectors (e.g., SSH brute force) alongside RDP.
  • Add instructions for isolating compromised Linux systems, including relevant commands or tools.
  • Reference Linux incident response workflows and ticketing practices, ensuring parity with Windows guidance.
  • Balance the order of presentation so that Linux and Windows are both addressed, or provide platform-agnostic recommendations where possible.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/technical-capabilities.md ...ticles/security/fundamentals/technical-capabilities.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation demonstrates a Windows bias by consistently referencing Windows-centric tools, services, and terminology (e.g., Active Directory, Windows error reporting, Microsoft Accounts) without providing equivalent Linux or open-source alternatives or examples. The order of presentation and examples often prioritize Microsoft/Windows technologies, and there is a lack of explicit Linux-focused guidance or examples, especially in areas like antimalware, device management, and privileged identity management.
Recommendations
  • Provide Linux-specific examples and guidance alongside Windows examples, especially for security tooling, device management, and monitoring.
  • Reference and link to open-source or cross-platform alternatives where appropriate (e.g., mention integration with Linux PAM, SSSD, or open-source MFA solutions).
  • When discussing antimalware and endpoint protection, include recommendations and supported solutions for Linux VMs, not just Microsoft or Windows-centric products.
  • In sections about identity and access management, clarify how Linux systems can integrate with Azure identity services (e.g., using SSSD, LDAP, or OAuth2 for Linux authentication).
  • When describing monitoring and logging (e.g., Azure Monitor, Application Insights), provide Linux-specific setup instructions or examples.
  • Balance the order of presentation so that Linux and open-source options are mentioned equally or in parallel with Windows/Microsoft options.
  • Explicitly state Azure's support for Linux and open-source technologies in relevant sections, and provide links to documentation for Linux users.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/secrets-best-practices.md ...ticles/security/fundamentals/secrets-best-practices.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Missing Linux Example 🔧 Windows Tools Windows First
Summary
The documentation page demonstrates a bias toward Windows and Azure-native tooling. There are no explicit Linux or cross-platform examples, and references to tools and patterns (such as Azure PowerShell, Azure CLI, and service-specific integrations) are either Windows-centric or lack parity for Linux users. The service-specific best practices section includes links that default to Windows/PowerShell tabs or examples, and some services (e.g., SQL IaaS) reference Windows-specific integration. There is a lack of explicit mention of Linux tools, shell commands, or non-Windows secret management patterns.
Recommendations
  • Provide Linux-specific examples and guidance alongside Windows/PowerShell examples, such as using bash scripts, Linux environment variable management, and open-source secret management tools (e.g., HashiCorp Vault, sops).
  • Ensure that service-specific links and code samples include both Azure CLI and PowerShell (or other cross-platform tools), and default to a neutral or cross-platform tab.
  • Mention and recommend open-source or cross-platform secret scanning tools (e.g., truffleHog, git-secrets) in addition to Azure DevOps Credential Scanner.
  • Where possible, include references to Linux-based deployment and automation patterns (e.g., systemd environment files, Kubernetes secrets) and not just Azure-native or Windows-centric approaches.
  • Audit all linked articles to ensure parity in instructions and examples for both Windows and Linux users.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/ransomware-prepare.md ...n/articles/security/fundamentals/ransomware-prepare.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates a Windows and Azure-centric bias. It predominantly references Microsoft and Azure tools (e.g., Defender for Cloud, Azure Backup, MARS agent), and when on-premises systems are mentioned, only Windows Servers are explicitly referenced for backup scenarios. There are no examples, tools, or procedures specifically addressing Linux systems, nor are there cross-platform or Linux-native solutions discussed. The documentation assumes a Microsoft ecosystem and does not provide parity for Linux environments.
Recommendations
  • Include explicit references to Linux systems when discussing backup, recovery, and antimalware solutions. For example, mention how to back up on-premises Linux servers to Azure or other cloud providers.
  • Provide examples or guidance for Linux-native tools (e.g., rsync, BorgBackup, native Linux antimalware solutions) alongside Windows tools.
  • When listing Azure services, clarify their compatibility with Linux workloads and provide links to Linux-specific documentation where available.
  • Avoid language that implies Windows is the default or only on-premises platform (e.g., 'On-premises Windows Servers'), and instead use inclusive phrasing such as 'on-premises servers (Windows and Linux)'.
  • Add example incident response and backup/restore procedures for Linux environments, or at least reference where such guidance can be found.
  • Ensure that security recommendations (such as privileged account protection, malware analysis, and endpoint security) include Linux-specific considerations and tools.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/steps-secure-identity.md ...rticles/security/fundamentals/steps-secure-identity.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation demonstrates a Windows bias by referencing Windows-specific tools and patterns (such as AD FS, Windows Server Active Directory, and Windows Hello for Business) without mentioning Linux or cross-platform alternatives. Examples and guidance are focused on Windows environments, and there are no Linux-specific instructions or parity in the described features. The document assumes a Windows-centric infrastructure, especially for hybrid and on-premises scenarios.
Recommendations
  • Include equivalent guidance and examples for Linux-based identity infrastructure, such as integration with Samba (for Active Directory compatibility), or mention how Linux servers can participate in Microsoft Entra ID scenarios.
  • When referencing tools like AD FS or Windows Hello for Business, provide notes or links about cross-platform or open-source alternatives, or clarify if features are Windows-only.
  • Add examples or documentation links for configuring Microsoft Entra ID features from Linux environments, such as using Azure CLI, REST APIs, or cross-platform PowerShell Core.
  • Explicitly state platform limitations and provide guidance for organizations with mixed Windows and Linux environments.
  • Ensure that recommendations for monitoring, authentication, and self-service features include instructions or compatibility notes for Linux-based systems and users.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/virtual-machines-overview.md ...les/security/fundamentals/virtual-machines-overview.md
High Priority View Details →
Scanned: 2025-07-12 23:44
Reviewed by: Unknown
Issues: 4 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example Powershell Heavy
Summary
The documentation page demonstrates a Windows bias in several ways: Windows tools and technologies (such as Microsoft Antimalware, BitLocker, and Microsoft Defender for Endpoint) are discussed in detail, often before or instead of Linux equivalents. Many security features are described primarily in the context of Windows, with Linux support mentioned only briefly or as an afterthought. Example links and deep dives (e.g., Defender for Endpoint, BitLocker) are Windows-centric, and there is a lack of Linux-specific examples or guidance, especially for antimalware and endpoint protection. Where Linux is mentioned (e.g., disk encryption), it is often secondary to Windows, and Linux-specific tools (like dm-crypt) are not explained in depth. There are also references to Azure PowerShell for Linux disk encryption, but no equivalent CLI or shell examples.
Recommendations
  • Provide Linux-specific examples and guidance for all security features, especially for antimalware and endpoint protection.
  • When listing tools or features (e.g., disk encryption), present Linux and Windows options with equal prominence and detail.
  • Include links to Linux-focused documentation, such as using open-source antimalware solutions (e.g., ClamAV, Sophos) on Azure Linux VMs.
  • Add command-line examples using Bash/CLI for Linux scenarios, not just PowerShell.
  • Ensure that third-party solutions and marketplace offerings for Linux are highlighted alongside Windows options.
  • Where Microsoft tools are Windows-only (e.g., Defender for Endpoint), explicitly state Linux alternatives or current limitations.
  • Balance the order of presentation so that Linux and Windows are treated equally throughout the documentation.
GitHub Create Pull Request
Security Security best practices for IaaS workloads in Azure | Microsoft Docs ...-docs/blob/main/articles/security/fundamentals/iaas.md
Medium Priority View Details →
Scanned: 2026-01-17 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Powershell Heavy 🔧 Windows Tools Missing Linux Example
Summary
The documentation generally covers both Windows and Linux VMs, but there are several instances where Windows-specific tools, terminology, and examples are presented first or exclusively. PowerShell cmdlets (e.g., Add-AzKeyVaultKey) are referenced without Linux CLI equivalents, and some backup/snapshot links point to Windows-specific pages. Antimalware recommendations include Windows Defender and System Center Endpoint Protection, which are Windows-only, with less emphasis on Linux alternatives. Monitoring and diagnostics sections mention Windows-focused extensions and tools before Linux options. While Linux is acknowledged, examples and actionable steps are often Windows-centric or lack Linux parity.
Recommendations
  • Provide CLI/bash equivalents for PowerShell cmdlets, especially for key management and encryption operations.
  • Include Linux-specific antimalware solutions and examples alongside Windows Defender/System Center Endpoint Protection.
  • Ensure backup and snapshot instructions link to both Windows and Linux VM documentation.
  • Present Windows and Linux examples side-by-side or alternate which is shown first.
  • Expand monitoring/diagnostics instructions to explicitly cover Linux VM extensions and tools.
GitHub Create Pull Request
Security Authentication - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...ecurity/develop/threat-modeling-tool-authentication.md
Medium Priority View Details →
Scanned: 2026-01-14 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Powershell Heavy Missing Linux Example
Summary
The documentation page for authentication mitigations in the Microsoft Threat Modeling Tool shows a moderate Windows bias. Windows Authentication is recommended as the default for SQL Server, and Windows-based authentication is listed before other mechanisms in several places. Windows-specific tools (e.g., Windows Server certificate service, MSMQ, WCF) are referenced without Linux/macOS equivalents or alternatives. Examples and configuration snippets are primarily for Windows-centric technologies (WCF, MSMQ, .NET Framework), with little to no mention of Linux/macOS-compatible patterns or tools. There are no PowerShell examples, but the overall pattern prioritizes Windows technologies and omits Linux/macOS-specific guidance.
Recommendations
  • For SQL Server authentication, explicitly mention and provide examples for cross-platform alternatives (e.g., SQL authentication, Azure AD authentication) and clarify when Windows Authentication is not applicable.
  • When referencing certificate authorities, include Linux-compatible options (e.g., OpenSSL, Let's Encrypt) and provide guidance for Linux/macOS environments.
  • For MSMQ and WCF, note their Windows-specific nature and suggest cross-platform messaging alternatives (e.g., RabbitMQ, Apache Kafka) for non-Windows environments.
  • When listing authentication mechanisms, avoid listing Windows-based options first; present options in a neutral order and clarify platform applicability.
  • Add Linux/macOS-specific examples or references where possible, especially for authentication, certificate management, and messaging.
  • Where .NET examples are given, clarify .NET Core/.NET 5+ cross-platform support and provide links to relevant documentation.
GitHub Create Pull Request
Security Auditing and Logging - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...y/develop/threat-modeling-tool-auditing-and-logging.md
Medium Priority View Details →
Scanned: 2026-01-14 00:00
Reviewed by: LLM Analysis
Issues: 2 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example
Summary
The documentation is generally platform-agnostic, focusing on high-level auditing and logging concepts. However, there is a notable bias in the 'Ensure that Audit and Log Files have Restricted Access' section, which specifically references 'Windows ACL' for setting log file permissions, without mentioning Linux equivalents (such as chmod/chown or POSIX ACLs). Additionally, the WCF sections are inherently Windows/.NET Framework-specific, but this is appropriate given the technology. There are no PowerShell-heavy examples or Windows-first ordering, but Linux/Unix file permission management is not addressed where relevant.
Recommendations
  • In the section about restricting access to audit and log files, add Linux/Unix equivalents (e.g., using chmod, chown, or setfacl) alongside the Windows ACL reference.
  • Where file system security is discussed, provide examples or references for both Windows and Linux environments.
  • Consider a brief note in platform-agnostic sections to clarify that the guidance applies to both Windows and Linux, and provide links to relevant documentation for each.
GitHub Create Pull Request
Security Communication security for the Microsoft Threat Modeling Tool ...develop/threat-modeling-tool-communication-security.md
Medium Priority View Details →
Scanned: 2026-01-14 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation page provides security mitigation guidance for a variety of Azure services and technologies, but several examples and recommendations are Windows-centric. Many code samples and configuration instructions use Windows-specific technologies (e.g., ASP.NET, WCF, web.config, ServicePointManager), and there is a lack of Linux/macOS equivalent examples or explicit parity guidance. Windows tools and patterns (such as URL Rewrite in web.config, ServicePointManager for certificate pinning, and references to Windows Azure Blob MD5) are mentioned without Linux alternatives, and Windows clients are referenced before or instead of cross-platform options.
Recommendations
  • Provide Linux/macOS equivalent examples for enforcing HTTPS, such as using nginx or Apache configuration for URL rewriting and HSTS.
  • Include cross-platform code samples for certificate pinning (e.g., using Python, Java, or Node.js).
  • Mention Linux-compatible SMB clients (e.g., mount.cifs with SMB 3.x) when discussing Azure Files encryption.
  • Reference cross-platform database connection encryption and validation methods (e.g., using JDBC, ODBC, or other non-Windows drivers).
  • Clarify when recommendations or examples are Windows-specific and provide links or guidance for Linux/macOS users where possible.
GitHub Create Pull Request
Security Cryptography - Microsoft Threat Modeling Tool - Azure | Microsoft Docs .../security/develop/threat-modeling-tool-cryptography.md
Medium Priority View Details →
Scanned: 2026-01-14 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
🔧 Windows Tools Windows First Powershell Heavy Missing Linux Example
Summary
The documentation page demonstrates a notable Windows bias in several areas. Many cryptographic recommendations and examples reference Windows-specific APIs, .NET classes, and technologies (e.g., CNG, CAPI, Win32/64, BitLocker, TPM on Windows IoT Core, SSIS, SQL Server features). Windows tools and patterns are mentioned first or exclusively, with limited or no Linux/macOS equivalents or examples. Where non-Windows platforms are referenced (e.g., Apple OS X, Java), coverage is brief and lacks parity in detail or example code. Linux-specific tools, APIs, or configuration patterns are generally missing.
Recommendations
  • Provide equivalent Linux/macOS examples and recommendations for cryptographic operations (e.g., OpenSSL, /dev/urandom, GnuPG, dm-crypt/LUKS for disk encryption).
  • Include Linux/macOS-specific APIs and code samples alongside .NET/Windows examples.
  • Mention cross-platform libraries (e.g., libsodium, OpenSSL, BouncyCastle) where appropriate.
  • For IoT, reference Linux-based TPM usage and device SDKs, not just Windows IoT Core.
  • For database encryption, discuss options for PostgreSQL, MySQL, and other non-SQL Server databases.
  • For device management and disk encryption, mention Linux/macOS solutions (e.g., FileVault, LUKS, eCryptfs) in addition to BitLocker.
GitHub Create Pull Request
Security Configuration management for the Microsoft Threat Modeling Tool ...velop/threat-modeling-tool-configuration-management.md
Medium Priority View Details →
Scanned: 2026-01-14 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools Powershell Heavy
Summary
The documentation for configuration management in the Microsoft Threat Modeling Tool demonstrates notable Windows bias. Most examples and mitigation steps are presented using Windows-centric technologies (ASP.NET, IIS, web.config, BitLocker, Windows Firewall, WCF), with little to no mention of Linux/macOS equivalents or cross-platform alternatives. Even generic security concepts (like HTTP headers for CSP, X-Frame-Options, CORS) are shown only in the context of Windows tooling and configuration files. There are no Linux-specific examples, and Windows tools and patterns are referenced exclusively or before any cross-platform approaches.
Recommendations
  • For generic web security mitigations (CSP, X-Frame-Options, CORS, MIME sniffing), provide configuration examples for popular Linux web servers (e.g., Apache, Nginx) and cross-platform frameworks.
  • When discussing firewall configuration, mention Linux firewall tools (e.g., iptables, firewalld, ufw) alongside Windows Firewall.
  • For disk encryption, reference Linux alternatives to BitLocker (e.g., LUKS, dm-crypt) where applicable.
  • Include cross-platform code samples and configuration snippets for non-Windows environments, especially for web APIs and web applications.
  • Clarify when a mitigation or feature is Windows-only, and suggest alternatives for Linux/macOS users if available.
GitHub Create Pull Request
Security Exception Management - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...y/develop/threat-modeling-tool-exception-management.md
Medium Priority View Details →
Scanned: 2026-01-14 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation is heavily focused on Windows-centric technologies (WCF, ASP.NET Web API, IIS), with configuration and code examples specific to .NET Framework and Windows server environments. There are no Linux or cross-platform equivalents provided, and mitigation steps reference Windows tools and patterns (e.g., IIS, web.config, machine.config) without mentioning alternatives for Linux or macOS deployments.
Recommendations
  • Add guidance for cross-platform .NET Core/.NET 5+ deployments, including Linux and macOS hosting scenarios.
  • Include examples for exception management in non-Windows environments (e.g., Kestrel, Nginx, Apache).
  • Reference configuration files and deployment patterns relevant to Linux (e.g., appsettings.json, environment variables, systemd).
  • Clarify which recommendations are Windows-only and provide Linux/macOS alternatives where possible.
  • Highlight cross-platform best practices for error handling and exception management.
GitHub Create Pull Request
Security Input Validation - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...urity/develop/threat-modeling-tool-input-validation.md
Medium Priority View Details →
Scanned: 2026-01-14 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Powershell Heavy 🔧 Windows Tools Missing Linux Example
Summary
The documentation for input validation in the Microsoft Threat Modeling Tool is heavily focused on Windows-centric technologies and .NET Framework, with nearly all code examples in C# and references to IIS, MSXML, web.config, and Windows-specific APIs. There are no Linux or cross-platform equivalents provided for key mitigations such as HTTP header configuration, XML parsing, file upload validation, or web server configuration. Where browser-specific mitigations are discussed, Internet Explorer is referenced first and exclusively. The documentation assumes use of Windows hosting environments and tools, leaving Linux/macOS developers without guidance for equivalent implementations.
Recommendations
  • Provide code examples in cross-platform languages (e.g., Python, Java, Node.js) for input validation, XML parsing, and file upload validation.
  • Include instructions for setting HTTP headers (like X-Content-Type-Options) in popular Linux web servers (e.g., Apache, Nginx) and frameworks.
  • Reference Linux/macOS XML libraries (e.g., lxml, xml.etree.ElementTree, libxml2) and show how to disable entity resolution and DTD processing.
  • Offer guidance for file upload validation using Linux file system conventions and antivirus tools.
  • When discussing browser mitigations, mention Chrome, Firefox, and Safari implementations and syntax where relevant.
  • Add parity for configuration steps in Linux environments (e.g., using environment variables, config files, or server directives).
GitHub Create Pull Request
Security Sensitive Data - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...ecurity/develop/threat-modeling-tool-sensitive-data.md
Medium Priority View Details →
Scanned: 2026-01-14 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Powershell Heavy Missing Linux Example
Summary
The documentation page exhibits a moderate Windows bias. Several examples and recommendations reference Windows-specific technologies (EFS, DPAPI, BitLocker, IIS/web.config, Intune), and Windows tools (CryptoObfuscator) are mentioned without Linux equivalents. In some cases, Windows approaches are described first or exclusively, while Linux alternatives (e.g., dm-crypt for disk encryption) are only briefly referenced or omitted. There is a lack of parity in examples and implementation details for Linux/macOS users, especially for file system encryption and configuration protection.
Recommendations
  • For file system encryption, mention and provide examples for Linux (e.g., using LUKS/dm-crypt, eCryptfs) and macOS (FileVault).
  • When referencing DPAPI or EFS, suggest cross-platform alternatives such as Gnome Keyring, libsecret, or platform-specific keychains.
  • Provide configuration protection examples for Linux web servers (e.g., Nginx/Apache) and application config files, not just IIS/web.config.
  • When recommending tools like CryptoObfuscator, mention cross-platform or open-source alternatives (e.g., Obfuscar for .NET Core, pyarmor for Python).
  • For mobile device management, include Android Enterprise and Apple MDM solutions alongside Intune.
  • Ensure code samples and configuration snippets are provided for both Windows and Linux/macOS environments where applicable.
GitHub Create Pull Request
Previous Page 12 of 16 Next