Security

116
Total Pages
38
Linux-Friendly Pages
78
Pages with Bias
67.2%
Bias Rate

Bias Trend Over Time

Pages with Bias Issues

380 issues found
Showing 51-75 of 380 flagged pages
Security Best practices for Azure Service Fabric security ...security/fundamentals/service-fabric-best-practices.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Powershell Heavy Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates a clear Windows bias. Windows-specific tools (PowerShell, Remote Desktop Connection, Windows Server certificate service, Active Directory) are mentioned exclusively or before any Linux alternatives. Examples and instructions focus on Windows environments, with no mention of Linux equivalents (e.g., Bash, SSH, Linux certificate management, Linux user/group management). There are no examples or guidance for deploying or securing Service Fabric clusters on Linux, nor are Linux-specific security practices or tooling referenced.
Recommendations
  • Add Linux-specific examples for cluster creation and management, such as using Bash scripts, Azure CLI, or ARM templates from Linux environments.
  • Include instructions for accessing clusters via SSH and managing Linux VMs, alongside or instead of Remote Desktop Connection.
  • Reference Linux certificate management tools (e.g., OpenSSL) and provide guidance for generating and installing certificates on Linux nodes.
  • Discuss Linux user/group management and security policies, including integration with Linux-based identity providers.
  • Ensure all best practices and scenarios are described for both Windows and Linux clusters, with clear parity in examples and tooling.
  • Explicitly mention Service Fabric support for Linux clusters and link to relevant documentation.
GitHub Create Pull Request
Security Security technical capabilities in Azure - Microsoft Azure ...ticles/security/fundamentals/technical-capabilities.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates a Windows bias by frequently referencing Windows-centric tools, patterns, and terminology (e.g., Active Directory, Windows error reporting, Microsoft Accounts), and by omitting Linux-specific examples or alternatives. While Linux is mentioned as a supported platform, technical details, examples, and guidance are almost exclusively focused on Microsoft/Windows technologies, with little to no parity for Linux users.
Recommendations
  • Include Linux-specific examples and guidance for identity management, device registration, and privileged access (e.g., integration with Linux PAM, SSSD, or LDAP).
  • Provide equivalent instructions for configuring security features (such as antimalware, backup, and monitoring) on Linux VMs, including references to supported Linux tools and agents.
  • Mention open-source and cross-platform alternatives alongside Microsoft/Windows solutions, especially for authentication, monitoring, and compliance.
  • Add examples of using Azure CLI and shell scripts (bash/zsh) for common security operations, not just portal or PowerShell-based workflows.
  • Clarify support for Linux in sections discussing features like Azure Monitor, Application Insights, and Defender for Cloud, with explicit Linux setup steps.
  • Balance references to Windows error reporting, Microsoft Accounts, and Active Directory with Linux equivalents (e.g., systemd journal, local Linux accounts, open-source identity providers).
GitHub Create Pull Request
Security Prevent subdomain takeovers with Azure DNS alias records and Azure App Service's custom domain verification ...n/articles/security/fundamentals/subdomain-takeover.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Powershell Heavy Windows First Missing Linux Example
Summary
The documentation page demonstrates a Windows bias primarily through exclusive use of PowerShell scripts and tools for DNS discovery and automation, with no mention of equivalent Linux shell (bash) commands or cross-platform alternatives. The guidance and examples for running queries and automating processes are PowerShell-centric, and there is no discussion of how Linux users might perform these tasks. Additionally, references to running scripts and queries are presented in a Windows-first manner, with no Linux parity or alternative tooling described.
Recommendations
  • Provide bash or Azure CLI examples alongside PowerShell scripts for identifying and remediating dangling DNS entries.
  • Mention cross-platform compatibility of the tools, or suggest equivalent open-source/Linux-native tools if available.
  • Include instructions for running the discovery and remediation scripts on Linux and macOS environments.
  • Clarify whether the provided PowerShell scripts can be executed using PowerShell Core on Linux/macOS, and provide installation guidance if so.
  • Add references to Azure CLI documentation for resource graph queries and DNS management.
  • Ensure that automation and scripting guidance is platform-agnostic or includes both Windows and Linux approaches.
GitHub Create Pull Request
Security Secure your Microsoft Entra identity infrastructure ...rticles/security/fundamentals/steps-secure-identity.md
High Priority View Details →
Scanned: 2026-01-11 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Windows First Missing Linux Example
Summary
The documentation page demonstrates a bias toward Windows environments, particularly through repeated references to Windows-specific tools and patterns (e.g., AD FS, Windows Server Active Directory, Windows Hello for Business) and the absence of Linux or cross-platform equivalents. Examples and recommendations are almost exclusively framed in terms of Microsoft/Windows technologies, with no mention of how to achieve similar outcomes in Linux-based environments or with open-source tools. This may leave Linux administrators without clear guidance for securing identity infrastructure in hybrid or non-Windows settings.
Recommendations
  • Include examples and guidance for Linux-based identity infrastructure, such as integrating Microsoft Entra ID with Linux authentication systems (e.g., PAM, SSSD, LDAP).
  • Mention and provide parity for password protection and banned password features for Linux environments, or reference third-party/open-source equivalents.
  • When discussing AD FS and Windows Hello for Business, provide alternatives or guidance for organizations using Linux-based federation or authentication solutions (e.g., Shibboleth, Keycloak, SAML implementations).
  • Add instructions for monitoring, logging, and auditing using Linux-native tools (e.g., syslog, auditd) and how to integrate these with Microsoft Entra ID.
  • Ensure that recommendations for privileged account protection, self-service password reset, and access reviews include Linux-compatible workflows or third-party solutions.
  • Explicitly state cross-platform compatibility for features and clarify any Windows-only limitations.
GitHub Create Pull Request
Security Microsoft Threat Modeling Tool release 10/16/2019 - Azure ...rity/develop/threat-modeling-tool-releases-71610151.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation page exclusively references Windows as the supported operating system, with no mention of Linux or macOS support or alternatives. The system requirements specify Windows 10 and .NET Framework, both Windows-centric technologies. There are no examples, instructions, or notes for Linux users, nor any cross-platform guidance.
Recommendations
  • Clearly state whether Linux and macOS are supported or not. If unsupported, provide rationale and suggest alternatives for non-Windows users.
  • If possible, offer a Linux-compatible version or instructions for running the tool via Wine, Mono, or in a VM.
  • Include documentation or links to threat modeling tools available for Linux, to help users on other platforms.
  • Add a section comparing platform support, and ensure parity in examples and troubleshooting guidance for all supported operating systems.
GitHub Create Pull Request
Security Communication security for the Microsoft Threat Modeling Tool ...develop/threat-modeling-tool-communication-security.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Powershell Heavy Missing Linux Example
Summary
The documentation demonstrates a Windows bias by prioritizing Windows-centric technologies (e.g., ASP.NET, WCF, SQL Server, SMB, Windows Azure references), providing code/configuration examples only for Windows/.NET platforms, and referencing Windows-specific tools and patterns (e.g., web.config, ServicePointManager, SQL Server Management Studio, SMB 3.x for Windows clients). There is a lack of Linux or cross-platform examples, and Linux tools or configuration methods are not mentioned or are omitted entirely.
Recommendations
  • Add equivalent Linux examples for enforcing HTTPS (e.g., Nginx/Apache config snippets for HSTS, HTTPS redirects).
  • Include Linux-compatible code samples for certificate pinning (e.g., Python, Java, Node.js).
  • Reference Linux tools and configuration steps for SQL Server (e.g., using sqlcmd, connection string settings in non-.NET clients).
  • Mention SMB 3.x support for Linux clients (e.g., mount.cifs with encryption options) and provide guidance for Linux environments.
  • Provide parity for web server configuration (e.g., show how to enforce HTTPS and HSTS in Nginx/Apache, not just IIS/web.config).
  • Highlight cross-platform libraries and frameworks (e.g., .NET Core, Java Spring, Python Flask) where applicable.
  • Ensure references and links include Linux documentation and not just Windows/MSDN resources.
GitHub Create Pull Request
Security Auditing and Logging - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...y/develop/threat-modeling-tool-auditing-and-logging.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Windows First Missing Linux Example
Summary
The documentation demonstrates a Windows bias by referencing Windows-specific tools and concepts (e.g., Windows ACLs, SQL Server, WCF/.NET configuration) and providing configuration examples only for Windows-centric technologies. There are no equivalent Linux or cross-platform examples for log file permissions, auditing, or logging configuration. Windows terminology and tools are mentioned exclusively or before any Linux alternatives, and there is a lack of parity in practical guidance for Linux environments.
Recommendations
  • Add Linux-specific examples for log file access control (e.g., using chmod, chown, setfacl) alongside Windows ACL references.
  • Include guidance for enabling auditing and logging on popular Linux web servers (e.g., Apache, Nginx) and databases (e.g., MySQL, PostgreSQL).
  • Provide configuration samples for log rotation using Linux tools (e.g., logrotate) in addition to generic descriptions.
  • Mention cross-platform logging frameworks (e.g., syslog, rsyslog, ELK stack) and show how to configure them for auditing and restricted access.
  • Clarify that recommendations apply to both Windows and Linux environments, and explicitly call out platform-specific steps where necessary.
GitHub Create Pull Request
Security Design secure applications on Microsoft Azure ...s/blob/main/articles/security/develop/secure-design.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Powershell Heavy Missing Linux Example
Summary
The documentation page exhibits a Windows bias by referencing Microsoft-specific tools and patterns (such as PowerShell, Microsoft Entra, and Azure Key Vault) without mentioning Linux equivalents or cross-platform alternatives. Examples and guidance are centered around Windows technologies and Azure services, with little to no reference to Linux-based workflows, tools, or security practices. The Security Development Lifecycle (SDL) is linked to a Windows documentation page, and authentication guidance references remote PowerShell access, which is primarily a Windows-centric tool. There are no explicit Linux or open-source examples, and platform-neutral alternatives are not highlighted.
Recommendations
  • Include Linux-specific examples and workflows for key security activities, such as authentication, logging, and key management.
  • Reference cross-platform tools and SDKs (e.g., Azure CLI, which runs natively on Linux, macOS, and Windows) alongside or before Windows-specific tools like PowerShell.
  • Provide links to Linux security best practices and documentation, such as SELinux, AppArmor, or Linux-based identity management solutions.
  • Highlight open-source and platform-neutral threat modeling tools in addition to Microsoft SDL Threat Modeling Tool.
  • Ensure that examples for logging, error handling, and deployment include both Windows and Linux environments.
  • Mention Linux-compatible Azure services and features, such as Azure App Service for Linux, and provide guidance for securing applications deployed on Linux VMs.
GitHub Create Pull Request
Security Microsoft Threat Modeling Tool release 02/11/2020 - Azure ...rity/develop/threat-modeling-tool-releases-73002061.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation exclusively references Windows as the supported operating system, with no mention of Linux or macOS support or equivalents. All system requirements and download instructions are Windows-specific, and there are no examples or instructions for Linux users. The tool itself appears to be Windows-only, and no cross-platform alternatives or workarounds are discussed.
Recommendations
  • Clearly state if the tool is Windows-only, and if so, provide rationale or roadmap for Linux/macOS support.
  • If possible, offer Linux (and macOS) versions of the tool, or suggest alternative tools for non-Windows users.
  • Include instructions or workarounds for running the tool on Linux (e.g., via Wine, virtualization, or containers) if native support is unavailable.
  • Ensure that future documentation includes parity in examples, requirements, and troubleshooting for all supported platforms.
GitHub Create Pull Request
Security Exception Management - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...y/develop/threat-modeling-tool-exception-management.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation page demonstrates a strong Windows bias by exclusively referencing Windows-centric technologies (WCF, ASP.NET, IIS), configuration files (web.config, machine.config), and tools. All code and configuration examples are for .NET/ASP.NET on Windows, with no mention of Linux equivalents (e.g., nginx, Apache, Mono, .NET Core on Linux). Error handling and deployment instructions are tailored to IIS and Windows server environments, and there are no examples or guidance for Linux-based deployments or open-source web frameworks.
Recommendations
  • Add equivalent examples for Linux environments, such as exception handling in .NET Core running on Linux, or in popular Linux web frameworks (e.g., Flask, Django, Node.js).
  • Include deployment and configuration guidance for Linux web servers (e.g., nginx, Apache) alongside IIS instructions.
  • Mention cross-platform .NET (Core/5+) and how exception management differs or is handled in Linux containers or servers.
  • Provide code samples and configuration snippets for Linux-based applications and environments.
  • Reference open-source or Linux-friendly tools for error handling, logging, and deployment, not just Windows-specific ones.
GitHub Create Pull Request
Security Introduction to Azure security | Microsoft Docs ...s/blob/main/articles/security/fundamentals/overview.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Powershell Heavy 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates several forms of Windows bias. Windows and Windows-specific tools (such as PowerShell and IIS) are mentioned before or instead of Linux equivalents in multiple sections. Examples and instructions for features like SQL VM TDE and App Service diagnostics reference Windows-centric tools (PowerShell, IIS) without Linux alternatives. There is a lack of parity in examples and tool recommendations for Linux users, and Windows terminology and features (e.g., BitLocker, Windows 10 device management) are highlighted more prominently than Linux equivalents.
Recommendations
  • Provide Linux-specific examples and instructions alongside Windows ones, especially for tasks like enabling Azure Key Vault integration for SQL VMs, configuring diagnostics, and disk encryption.
  • Include references to Linux-native tools (e.g., Bash, systemd, journald, auditd) where Windows tools (PowerShell, IIS) are mentioned.
  • Ensure parity in feature descriptions for both Windows and Linux, such as device management, disk encryption, and identity integration.
  • Explicitly mention support for Linux in all relevant sections, and provide links to Linux documentation where available.
  • Avoid listing Windows features or tools first unless there is a technical reason; alternate ordering or group by OS where possible.
GitHub Create Pull Request
Security Data security and encryption best practices - Microsoft Azure ...ecurity/fundamentals/data-encryption-best-practices.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Windows First Missing Linux Example
Summary
The documentation page demonstrates a Windows bias by referencing Windows-specific tools and concepts (e.g., Privileged Access Workstation, Microsoft security models) without mentioning Linux equivalents or alternatives. There are no examples or guidance for Linux-based secure workstations, endpoint protection, or key management workflows. The documentation assumes familiarity with Microsoft/Windows-centric security paradigms and omits cross-platform considerations.
Recommendations
  • Include guidance and examples for securing Linux workstations, such as using hardened Linux desktops or jump hosts for privileged access.
  • Mention Linux-native endpoint protection solutions and how they can be integrated with Azure security controls.
  • Provide parity in key management workflows, including CLI examples for both Windows (PowerShell) and Linux (Azure CLI, Bash).
  • Reference open-source or cross-platform tools and patterns for secure workstation management and endpoint protection.
  • Explicitly state that best practices apply to both Windows and Linux environments, and link to platform-specific documentation where available.
GitHub Create Pull Request
Security Azure identity management security overview .../security/fundamentals/identity-management-overview.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates a Windows bias by referencing Windows-centric concepts and tools (Active Directory, AD DS, AD FS, Windows Hello for Business) without mentioning Linux equivalents or integration patterns. Examples and terminology are consistently Windows-first, and there are no explicit examples or guidance for Linux environments, such as Linux domain-joined devices, Linux authentication methods, or integration with Linux identity systems.
Recommendations
  • Include examples and guidance for Linux-based environments, such as integrating Linux servers with Azure identity management.
  • Mention Linux-compatible authentication methods (e.g., PAM, SSH key integration, SSSD) alongside Windows Hello for Business.
  • Provide documentation or links for configuring SSO and device registration for Linux devices.
  • Discuss hybrid identity scenarios for organizations using LDAP or other non-Active Directory identity providers.
  • Clarify how Microsoft Entra features can be used in mixed-OS environments, including Linux desktops and servers.
  • Add Linux-specific troubleshooting and deployment guides for identity management features.
GitHub Create Pull Request
Security Microsoft Threat Modeling Tool release 4/9/2019 ...rity/develop/threat-modeling-tool-releases-71604081.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation exclusively references Windows as the supported operating system and requires .NET Framework, which is primarily a Windows technology. There are no mentions of Linux or cross-platform support, nor are there instructions or examples for Linux users. The download and usage instructions implicitly assume a Windows environment.
Recommendations
  • Explicitly state whether Linux or macOS are supported or not. If unsupported, clarify this in the documentation.
  • If possible, provide instructions for running the tool on Linux (e.g., via Wine or .NET Core/Mono) or offer a cross-platform version.
  • Include system requirements for other platforms if support is added.
  • Offer troubleshooting or alternative solutions for non-Windows users.
  • Ensure parity in examples and screenshots by including Linux equivalents where applicable.
GitHub Create Pull Request
Security Authorization - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...security/develop/threat-modeling-tool-authorization.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
🔧 Windows Tools Windows First Powershell Heavy Missing Linux Example
Summary
The documentation page demonstrates a bias towards Windows-centric technologies and patterns. Examples and configuration snippets focus on Windows-specific frameworks (WCF, ASP.NET, .NET), and authorization mechanisms are described primarily in terms of Windows roles and groups. There is a lack of Linux or cross-platform equivalents, and no mention of Linux-specific tools, patterns, or configuration examples (such as file permissions, sudoers, or Linux ACLs). Windows terminology and technologies are presented first and exclusively, with no parity for Linux environments.
Recommendations
  • Include Linux-specific examples for authorization, such as using POSIX ACLs, sudoers configuration, and file permission management.
  • Provide parallel configuration snippets for Linux-based web frameworks (e.g., Flask, Django) and database access control (e.g., PostgreSQL, MySQL).
  • Discuss role-based access control in Linux environments, such as SELinux, AppArmor, or systemd service permissions.
  • Reference Linux tools and patterns (e.g., chown, chmod, setfacl) alongside Windows equivalents.
  • Ensure that examples and recommendations are balanced between Windows and Linux, or explicitly note platform-specific differences.
  • Add guidance for cross-platform cloud deployments, including Linux VM and container security best practices.
GitHub Create Pull Request
Security Configuration management for the Microsoft Threat Modeling Tool ...velop/threat-modeling-tool-configuration-management.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools Powershell Heavy
Summary
The documentation demonstrates a strong Windows bias. Most configuration and code examples are specific to Windows technologies (ASP.NET, IIS, Web.config, BitLocker, Windows Firewall, WCF), with little or no mention of Linux equivalents. Windows tools and patterns (e.g., BitLocker, Windows Firewall, IIS web.config) are referenced exclusively or before any cross-platform alternatives. There are no Linux-specific examples or instructions for common tasks such as setting HTTP headers, configuring firewalls, or encrypting partitions. The documentation assumes a Windows-centric environment, omitting guidance for Linux or cross-platform scenarios.
Recommendations
  • Provide Linux-specific examples for all configuration tasks, such as setting HTTP headers (using Apache/Nginx config), configuring firewalls (using iptables, ufw, firewalld), and encrypting partitions (using LUKS/dm-crypt).
  • Include cross-platform code samples and configuration snippets, especially for web application security headers and CORS settings.
  • Mention open-source and Linux-native tools (e.g., SELinux, AppArmor, LUKS, nftables) alongside Windows tools like BitLocker and Windows Firewall.
  • Clarify which recommendations are platform-specific and offer alternatives for non-Windows environments.
  • Add references to Linux and cross-platform documentation where appropriate.
  • Avoid assuming the use of IIS, ASP.NET, or Windows-only frameworks; provide parity for popular Linux stacks (e.g., Node.js, Python, Java, running on Apache/Nginx).
GitHub Create Pull Request
Security Cryptography - Microsoft Threat Modeling Tool - Azure | Microsoft Docs .../security/develop/threat-modeling-tool-cryptography.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Powershell Heavy Missing Linux Example
Summary
The documentation demonstrates a strong Windows bias throughout. Windows-specific technologies (CNG, CAPI, Win32/64 APIs, BitLocker, TPM on Windows IoT Core, SSIS, SQL Server features) are mentioned exclusively or before alternatives. .NET examples and APIs are prioritized, with little to no mention of equivalent Linux cryptographic tools, APIs, or practices. Code examples and references focus on Windows environments, and there are no Linux or open-source tool examples for cryptographic operations, device security, or database encryption.
Recommendations
  • Add equivalent Linux examples for cryptographic operations (e.g., OpenSSL, GnuPG, /dev/urandom for RNG, dm-crypt/LUKS for disk encryption).
  • Mention Linux-compatible hardware security modules (HSMs) and TPM usage, including references to Linux TPM libraries and provisioning guides.
  • Include database encryption and signing examples for PostgreSQL, MySQL, or other cross-platform databases, not just SQL Server.
  • Provide device security recommendations for Linux-based IoT devices, including secure key storage and management.
  • Balance .NET and Windows API references with Java, Python, and C/C++ cross-platform libraries (e.g., BouncyCastle, PyCryptodome, libsodium).
  • Reference Linux disk encryption tools (e.g., LUKS, eCryptfs) alongside BitLocker.
  • Add code samples for Linux and open-source environments where only Windows/.NET samples are present.
GitHub Create Pull Request
Security Authentication - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...ecurity/develop/threat-modeling-tool-authentication.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example Powershell Heavy
Summary
The documentation demonstrates a Windows-centric bias in several ways. Windows authentication is recommended as the default for SQL Server, and Windows-based authentication methods are listed before alternatives in multiple sections. Tools and concepts such as Kerberos, Windows Server certificate services, and MSMQ (Microsoft Message Queuing) are referenced without Linux or cross-platform equivalents. There are no Linux-specific authentication examples or references to Linux-native tools (e.g., OpenLDAP, Kerberos on Linux, Linux certificate authorities). Example code and configuration snippets are either Windows-specific or .NET-centric, with no parity for Linux environments or open-source stacks.
Recommendations
  • Provide Linux authentication examples and mention Linux-native tools (e.g., PAM, OpenLDAP, Kerberos on Linux) alongside Windows options.
  • When recommending authentication mechanisms, list cross-platform or open standards (e.g., OAuth2, SAML, certificates) before or alongside Windows-specific methods.
  • For SQL Server, mention and provide examples for SQL authentication and integration with Linux-based identity providers.
  • When referencing certificate authorities, include Linux-compatible CA solutions (e.g., OpenSSL, Let's Encrypt) and not just Windows Server certificate services.
  • For messaging and queueing, mention cross-platform alternatives to MSMQ (e.g., RabbitMQ, Apache Kafka) and provide authentication guidance for those.
  • Ensure that all code samples and configuration snippets have Linux equivalents or note any platform-specific requirements.
  • Explicitly state when a feature or recommendation is Windows-only, and provide alternative guidance for Linux environments.
GitHub Create Pull Request
Security Input Validation - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...urity/develop/threat-modeling-tool-input-validation.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools Powershell Heavy
Summary
The documentation page demonstrates a strong Windows bias. Examples and configuration instructions are almost exclusively provided for Windows-centric technologies (ASP.NET, IIS, .NET, MSXML, web.config, C#), with little to no mention of Linux or cross-platform equivalents. Windows tools and APIs are referenced first and sometimes exclusively, while Linux/Unix alternatives (such as Apache/Nginx configuration, Python/Java code, or Linux file system guidance) are absent. Even generic security concepts are illustrated with Windows-specific code and configuration files.
Recommendations
  • Add equivalent examples for Linux-based stacks (e.g., Apache, Nginx, Node.js, Python, Java) alongside Windows/IIS examples.
  • Include configuration instructions for popular Linux web servers (e.g., setting HTTP headers in Apache/Nginx).
  • Provide code samples in languages commonly used on Linux (e.g., Python, Java, Go, PHP) in addition to C#.
  • Reference cross-platform libraries and tools for input validation and encoding (e.g., OWASP ESAPI, Python's bleach, Java's built-in validation).
  • When discussing file upload security, mention Linux file system considerations and anti-virus solutions available for Linux.
  • For XML entity resolution, include examples using Linux-friendly libraries (e.g., lxml in Python, Java's XML parsers).
  • Balance references to Windows-specific technologies (MSXML, IIS, .NET) with Linux/Unix alternatives.
  • Explicitly state when a mitigation or technique is platform-specific and provide alternatives for other platforms.
GitHub Create Pull Request
Security Microsoft Threat Modeling Tool release 7/2/2019 ...rity/develop/threat-modeling-tool-releases-71607021.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation for the Microsoft Threat Modeling Tool is heavily Windows-centric. System requirements list only Windows 10 and .NET Framework, with no mention of Linux or macOS support or alternatives. All instructions and download links implicitly assume a Windows environment, and there are no examples or guidance for Linux users.
Recommendations
  • Clearly state platform support, including whether Linux or macOS are supported or not.
  • If Linux/macOS are not supported, suggest alternative threat modeling tools available for those platforms.
  • If partial support exists (e.g., via Wine or Mono), provide installation instructions and troubleshooting for Linux/macOS.
  • Include examples or documentation sections relevant to non-Windows environments, where possible.
  • Consider open-sourcing components or providing cross-platform versions to improve accessibility.
GitHub Create Pull Request
Security Session Management - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...ity/develop/threat-modeling-tool-session-management.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Powershell Heavy 🔧 Windows Tools Missing Linux Example
Summary
The documentation is heavily oriented towards Windows and Microsoft technologies, with all code samples and configuration references using ASP.NET, Web.config, ADFS, and related Windows-only tools. Powershell is used for administrative tasks, and there are no examples or guidance for Linux-based frameworks or cross-platform equivalents. Linux tools, patterns, and configuration files are not mentioned, and all examples are specific to Windows environments.
Recommendations
  • Add equivalent examples for popular Linux web frameworks (e.g., Django, Flask, Node.js/Express) demonstrating session management, CSRF protection, and secure cookie configuration.
  • Include guidance for configuring session and cookie security in Nginx/Apache, and using environment variables or .env files for settings on Linux.
  • Provide examples of logout/session termination for OAuth2/OpenID Connect implementations using cross-platform libraries (e.g., Python, Java, Node.js).
  • Mention Linux command-line tools and scripts for administrative tasks, such as using bash or systemd timers for session expiration.
  • Reference cross-platform identity providers and authentication middleware (e.g., Auth0, Keycloak) and show how to configure session management in those environments.
  • Balance documentation by presenting Windows and Linux solutions side-by-side, or clearly indicating when a solution is Windows-specific.
GitHub Create Pull Request
Security Microsoft Antimalware for Azure | Microsoft Docs ...lob/main/articles/security/fundamentals/antimalware.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Missing Linux Example Powershell Heavy 🔧 Windows Tools
Summary
The documentation is heavily biased towards Windows environments. All examples, instructions, and supported platforms are Windows-centric, with explicit statements that Linux is not supported. Deployment and configuration steps exclusively use Windows tools (Azure portal, Visual Studio, PowerShell), and all code samples reference Windows VMs or Windows event logs. There are no Linux equivalents, examples, or guidance for Linux users, and Linux support is explicitly excluded.
Recommendations
  • Clearly state Linux support status and alternatives at the top of the documentation.
  • If Linux support is planned, provide equivalent instructions, examples, and tooling for Linux VMs (e.g., Bash, CLI, ARM templates).
  • Reference and link to antimalware solutions for Linux in Azure, such as third-party integrations or Defender for Endpoint on Linux.
  • Add a comparison table of supported OS features and limitations.
  • If Linux is not supported, suggest best practices and recommended security solutions for Linux workloads in Azure.
GitHub Create Pull Request
Security Sensitive Data - Microsoft Threat Modeling Tool - Azure | Microsoft Docs ...ecurity/develop/threat-modeling-tool-sensitive-data.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
🔧 Windows Tools Windows First Missing Linux Example Powershell Heavy
Summary
The documentation page exhibits several signs of Windows bias. Windows-specific technologies and tools (e.g., EFS, DPAPI, BitLocker, Intune, Windows credential types) are mentioned exclusively or before their Linux equivalents. Examples and references are predominantly .NET, ASP.NET, and Windows-centric, with little to no mention of Linux alternatives or cross-platform approaches. Where Linux is mentioned (e.g., Azure Disk Encryption), it is secondary to Windows, and no Linux-specific implementation examples or tools are provided. There is a lack of parity in examples and recommendations for Linux environments.
Recommendations
  • For file system encryption, mention and provide examples for Linux equivalents such as eCryptfs, LUKS, or fscrypt alongside EFS and DPAPI.
  • When discussing disk encryption (e.g., Azure Disk Encryption), provide detailed Linux implementation steps and examples using DM-Crypt and reference Linux documentation.
  • Include cross-platform code samples (e.g., Python, Java) and configuration examples for encrypting sensitive data, not just .NET/C#.
  • Reference Linux security tools and patterns (e.g., SELinux, AppArmor, GnuPG) where appropriate.
  • For mobile device management, mention Android Enterprise and Linux-based solutions in addition to Intune.
  • When discussing credential types and authentication, include Linux-compatible options (e.g., Kerberos, PAM) and avoid Windows-only terminology.
  • Ensure that all recommendations and examples are presented for both Windows and Linux environments, or clearly indicate platform-specific steps.
GitHub Create Pull Request
Security Microsoft Antimalware code samples for Azure | Microsoft Docs ...cles/security/fundamentals/antimalware-code-samples.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Powershell Heavy 🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation exclusively provides PowerShell code samples and references to Windows-centric tools and file paths (e.g., C:\ paths, .exe processes). There are no examples or guidance for Linux VMs or cross-platform command-line tools. The documentation assumes the use of Microsoft Antimalware, which is a Windows-only extension, and does not mention Linux security solutions or how to achieve similar functionality on Linux-based Azure VMs.
Recommendations
  • Clearly state at the beginning that Microsoft Antimalware is only supported on Windows VMs, if that is the case.
  • If Linux support is available, provide equivalent examples for Linux VMs using CLI, ARM templates, or relevant Linux security extensions (e.g., Microsoft Defender for Endpoint for Linux).
  • If Linux is not supported, add a section explaining recommended antimalware/endpoint protection options for Linux VMs in Azure.
  • Where possible, use cross-platform Azure CLI examples in addition to PowerShell.
  • Avoid hardcoding Windows-specific file paths and process names in examples, or provide Linux equivalents where relevant.
GitHub Create Pull Request
Security Security Recommendations for Azure Marketplace Images | Microsoft Docs ...cles/security/fundamentals/azure-marketplace-images.md
High Priority View Details →
Scanned: 2026-01-10 00:00
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation shows some Windows bias, notably by referencing Windows Server roles and features in the Linux section, listing Windows-specific tools (BitLocker) only for Windows, and omitting equivalent Linux examples (e.g., disk encryption, auto-update configuration). Windows terminology is sometimes used before or in place of Linux equivalents, and some recommendations for Windows (like BitLocker and auto-update) lack Linux counterparts.
Recommendations
  • Remove references to 'Windows Server roles, features, services' from the Linux section and replace with Linux-specific terms (e.g., 'Linux services, daemons, packages').
  • Add Linux equivalents for Windows-specific recommendations, such as recommending disk encryption tools like LUKS or dm-crypt for Linux images.
  • Provide guidance for configuring automatic security updates on Linux (e.g., using unattended-upgrades or dnf-automatic).
  • Ensure that examples and recommendations for both platforms are equally detailed and platform-specific.
  • When listing recommendations, avoid using Windows terminology in Linux sections and vice versa.
  • Include Linux-specific tools and best practices where Windows-specific tools are mentioned.
GitHub Create Pull Request
Previous Page 3 of 16 Next