Security

116
Total Pages
38
Linux-Friendly Pages
78
Pages with Bias
67.2%
Bias Rate

Bias Trend Over Time

Pages with Bias Issues

380 issues found
Showing 126-150 of 380 flagged pages
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/operational-security.md ...articles/security/fundamentals/operational-security.md
High Priority View Details →
Scanned: 2026-01-09 00:34
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation demonstrates a Windows bias through repeated prioritization of Windows terminology (e.g., 'Windows Azure'), Windows-centric tools (System Center, Data Protection Manager), and examples (Windows event logs, Windows servers). While Linux is mentioned as supported, there are few or no Linux-specific examples, tools, or operational patterns. Windows tools and logs are referenced exclusively or before Linux equivalents, and PowerShell is mentioned as a primary access method for logs. Linux is only referenced in passing, with no concrete examples or operational guidance.
Recommendations
  • Add Linux-specific operational examples, such as using syslog, journald, or Linux-native monitoring agents.
  • Include CLI and Bash examples alongside PowerShell for managing and querying Azure Monitor and Network Watcher.
  • Reference Linux backup solutions and workflows, not just Windows-centric tools like System Center DPM.
  • Provide parity in log and diagnostic examples, e.g., show how to collect and analyze Linux VM logs in Azure Monitor.
  • Balance terminology by referring to 'Azure' rather than 'Windows Azure', and avoid Windows-first phrasing.
  • Highlight Linux-specific security and compliance scenarios, such as SELinux or AppArmor integration with Azure services.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/identity-management-best-practices.md ...ity/fundamentals/identity-management-best-practices.md
High Priority View Details →
Scanned: 2026-01-09 00:34
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example Powershell Heavy
Summary
The documentation demonstrates a Windows bias by consistently referencing Windows-centric tools (Active Directory, Windows Server, Windows Hello for Business, Privileged Access Workstations), and by providing examples and recommendations that assume a Windows environment. There is a lack of Linux-specific guidance, tools, or examples, and Windows terminology and solutions are presented as defaults or first options. PowerShell and Windows-specific management patterns are referenced, while Linux equivalents (such as Azure CLI, SSH, or Linux authentication mechanisms) are rarely mentioned or omitted.
Recommendations
  • Include Linux-specific examples and workflows for identity and access management, such as using Azure CLI, SSH keys, and Linux authentication mechanisms.
  • Reference Linux-compatible tools and patterns alongside Windows tools (e.g., mention Azure CLI and Bash scripts in addition to PowerShell).
  • Provide guidance for integrating Azure identity management with Linux-based on-premises directories (such as LDAP or FreeIPA) and hybrid environments.
  • Describe how password policies, MFA, and privileged access management can be implemented and monitored on Linux systems.
  • Offer parity in workstation security recommendations, such as secure Linux admin workstations, and discuss Linux equivalents to Privileged Access Workstations.
  • Ensure that all examples, especially for automation and scripting, include both PowerShell and Bash/CLI versions.
  • Explicitly state cross-platform support and highlight any differences or considerations for Linux users.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/infrastructure-integrity.md ...cles/security/fundamentals/infrastructure-integrity.md
High Priority View Details →
Scanned: 2026-01-09 00:34
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates Windows bias by referencing Windows-specific technologies (e.g., Windows Fabric, Windows administrator accounts), mentioning Windows endpoints before any Linux equivalents, and omitting examples or references to Linux tools, patterns, or administrative practices. There are no Linux-specific instructions, terminology, or parity in examples for infrastructure integrity, authentication, or monitoring.
Recommendations
  • Include references to Linux-based infrastructure components and their management within Azure, such as Linux VM administration practices.
  • Provide examples of virus scanning tools and procedures for Linux environments (e.g., ClamAV, Sophos) alongside Endpoint Protection.
  • Mention Linux administrator account handling and security controls, not just Windows administrator accounts.
  • Clarify whether platform-management endpoints and cluster communication are available or secured for Linux-based workloads, and describe any differences.
  • Add parity in monitoring agent descriptions, referencing agents or watchdogs commonly used in Linux environments.
  • Ensure that documentation covers both Windows and Linux scenarios equally, especially in sections about authentication, firewalls, and ACLs.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/log-audit.md .../blob/main/articles/security/fundamentals/log-audit.md
High Priority View Details →
Scanned: 2026-01-09 00:34
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation page demonstrates a Windows-first bias by referencing Windows event logs before Linux Syslog, providing more detail and links for Windows tooling (e.g., Azure Diagnostics for Windows), and omitting concrete Linux logging examples or integration steps. Linux is mentioned only in passing, with no equivalent depth or guidance as provided for Windows.
Recommendations
  • Provide parallel Linux examples and tooling references (e.g., detail how to collect and forward Syslog from Linux VMs, including links to relevant Azure Monitor agents for Linux).
  • Ensure that Linux logging mechanisms (such as Syslog, journald) are described with the same level of detail as Windows Event Logs.
  • Include step-by-step instructions or links for configuring Linux log collection and integration with Azure Monitor and SIEM solutions.
  • Balance the order of presentation so that Linux and Windows are mentioned together, or alternate which platform is listed first.
  • Reference cross-platform tools and APIs where possible, and clarify when a feature or integration is Windows-specific.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/management-monitoring-overview.md ...ecurity/fundamentals/management-monitoring-overview.md
High Priority View Details →
Scanned: 2026-01-09 00:34
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Powershell Heavy 🔧 Windows Tools Windows First
Summary
The documentation page generally presents Azure security and management features in a cross-platform manner, mentioning support for both Windows and Linux in several sections. However, there are subtle Windows biases: PowerShell is referenced as a primary automation language before Python, hotpatching is highlighted as a Windows-only feature, and automation examples/tools (such as Desired State Configuration) are more closely associated with Windows environments. Linux-specific tools, patterns, or examples are not equally emphasized or described.
Recommendations
  • Provide Linux-specific examples and tooling references alongside Windows ones, such as Bash scripts, Ansible, or Chef for automation.
  • When mentioning PowerShell, also mention Bash or Python equally, and provide sample runbooks or scripts for Linux environments.
  • Clarify which features (e.g., hotpatching) are Windows-only and offer equivalent or alternative solutions for Linux where possible.
  • Include explicit Linux security management patterns (e.g., SELinux, auditd integration) in relevant sections.
  • Ensure that examples and workflows are presented in a platform-neutral order or alternate between Windows and Linux to avoid 'Windows first' perception.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/overview.md ...s/blob/main/articles/security/fundamentals/overview.md
High Priority View Details →
Scanned: 2026-01-09 00:34
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Powershell Heavy 🔧 Windows Tools Missing Linux Example
Summary
The documentation page exhibits several forms of Windows bias. Windows and Windows-specific tools (such as PowerShell, IIS, and Windows 10 features) are frequently mentioned before or instead of Linux equivalents. Examples and instructions often reference Windows or PowerShell, with limited or no Linux-specific guidance. Some features and integrations are described primarily in terms of their Windows usage, and Windows terminology is pervasive throughout identity and device management sections. Linux support is mentioned in passing, but Linux-specific examples, tools, and patterns are largely absent.
Recommendations
  • Provide Linux-specific examples and instructions alongside Windows ones, especially for VM management, disk encryption, and backup.
  • Include CLI and Bash script examples in addition to PowerShell for configuration and automation tasks.
  • Highlight Linux-compatible security tools and integrations (e.g., SELinux, auditd, Linux-native antimalware solutions) where relevant.
  • Balance references to Windows-specific features (such as IIS diagnostics, Windows 10 device management) with equivalent Linux technologies (e.g., Apache/Nginx logging, Linux device enrollment).
  • Explicitly document any differences in feature support or configuration between Windows and Linux, and link to Linux-focused documentation where available.
  • Ensure that identity and access management guidance covers Linux device scenarios and cross-platform authentication patterns.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/paas-deployments.md ...ain/articles/security/fundamentals/paas-deployments.md
High Priority View Details →
Scanned: 2026-01-09 00:34
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
🔧 Windows Tools Powershell Heavy Windows First Missing Linux Example
Summary
The documentation page demonstrates Windows bias primarily through its exclusive mention of Windows-centric tools and patterns (e.g., PowerShell, Microsoft Entra ID, Azure Key Vault, Defender for Cloud) and the absence of Linux-specific examples or guidance. Where command-line or management interfaces are referenced, only Windows/PowerShell is mentioned (e.g., 'portal/remote PowerShell'), with no mention of Bash, Azure CLI, or Linux-native workflows. The documentation assumes familiarity with Microsoft/Windows ecosystem tools and does not provide parity for Linux users or administrators.
Recommendations
  • Include Linux-specific examples and workflows, such as using Azure CLI (az) commands in Bash for identity management, key vault access, and resource configuration.
  • When referencing management interfaces, mention both PowerShell and Azure CLI, and provide equivalent instructions for each.
  • Add guidance for integrating Azure PaaS services with Linux-based authentication and authorization systems, where applicable.
  • Reference open-source and cross-platform security tools alongside Microsoft-specific solutions.
  • Ensure that best practices and configuration steps are demonstrated for both Windows and Linux environments, especially for tasks like certificate management, secure file transfer, and monitoring.
  • Explicitly mention support for Linux-based development and deployment environments in relevant sections.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/ransomware-detect-respond.md ...les/security/fundamentals/ransomware-detect-respond.md
High Priority View Details →
Scanned: 2026-01-09 00:34
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Powershell Heavy 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates a Windows-centric bias. It references Windows-specific tools and concepts (such as PowerShell logs, Security Event logs, and Defender for Endpoint isolation with a Windows documentation link) without mentioning Linux equivalents. There are no Linux-specific examples, tools, or guidance, and Windows terminology is used by default when discussing detection and response patterns.
Recommendations
  • Include explicit examples and guidance for Linux-based Azure VMs, such as referencing syslog, auditd, or Linux-specific event logs when discussing log clearing or monitoring.
  • When mentioning PowerShell or Security Event logs, also mention Linux equivalents (e.g., bash history, /var/log/auth.log, /var/log/secure).
  • Provide links to documentation for isolating Linux VMs using Defender for Endpoint or other Azure-native controls, not just Windows.
  • Balance the discussion of tools and response steps to include both Windows and Linux environments, especially in cloud contexts where both are common.
  • Avoid assuming the use of Windows-only tools or workflows; clarify when guidance is platform-specific.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/secrets-best-practices.md ...ticles/security/fundamentals/secrets-best-practices.md
High Priority View Details →
Scanned: 2026-01-09 00:34
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation page exhibits Windows bias primarily by referencing Windows-centric tools and patterns (such as Azure PowerShell, Azure portal, and RBAC), and by omitting explicit Linux or cross-platform examples. Service-specific best practices and tutorials often mention Windows or PowerShell tabs, but do not provide equivalent Linux or bash/CLI guidance. There is a lack of parity in examples and tooling recommendations for Linux environments.
Recommendations
  • Include Linux-specific examples and instructions alongside Windows/PowerShell examples, such as bash scripts, Azure CLI, or Linux-native secret management tools.
  • When referencing service-specific tutorials, ensure that both Windows and Linux tabs or code samples are present and equally visible.
  • Mention cross-platform secret management tools and patterns (e.g., HashiCorp Vault, environment variable management in Linux, systemd secrets) where appropriate.
  • Avoid using Windows-centric terminology (such as 'Azure PowerShell' or 'Windows VM') exclusively; provide equivalent Linux context.
  • Review all linked tutorials and guides to ensure Linux parity in step-by-step instructions and screenshots.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/service-fabric-best-practices.md ...security/fundamentals/service-fabric-best-practices.md
High Priority View Details →
Scanned: 2026-01-09 00:34
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Powershell Heavy Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates a Windows bias by consistently referencing Windows-specific tools (PowerShell, Windows Server certificate service, Remote Desktop Connection), providing instructions and examples primarily for Windows environments, and omitting Linux equivalents or examples. Windows security mechanisms (Active Directory, Windows security) are mentioned exclusively or before cross-platform alternatives. There is a lack of parity in guidance for Linux-based Service Fabric clusters, with no mention of Linux command-line tools, certificate management, or remote access options.
Recommendations
  • Add equivalent Linux examples for cluster creation and management, such as using Azure CLI, Bash scripts, or Linux-native tools.
  • Include instructions for configuring certificates using Linux tools (e.g., OpenSSL) and obtaining certificates for Linux clusters.
  • Mention Linux-compatible remote access methods (e.g., SSH) alongside Remote Desktop Connection.
  • Provide guidance for deploying and securing Service Fabric clusters on Linux, including references to Linux security mechanisms and identity providers.
  • Ensure that cross-platform APIs (HTTP, REST) are highlighted as alternatives to PowerShell.
  • Reorder sections to present cross-platform or Linux options alongside or before Windows-specific instructions where possible.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/technical-capabilities.md ...ticles/security/fundamentals/technical-capabilities.md
High Priority View Details →
Scanned: 2026-01-09 00:34
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates a subtle Windows bias. Windows terminology (e.g., 'domain-joined devices', 'Active Directory', 'Windows error reporting') is used as the default context for identity, device, and security management. Windows tools and technologies (Active Directory, Windows error reporting, Microsoft Accounts) are referenced without equivalent Linux alternatives or examples. There are no explicit Linux or cross-platform command-line examples, and Windows-centric patterns (e.g., domain join, Microsoft Accounts) are described first or exclusively. While Linux is mentioned as a supported OS for VMs and monitoring, practical guidance and examples for Linux environments are missing.
Recommendations
  • Provide Linux-specific examples and guidance alongside Windows examples for identity, device, and security management tasks.
  • Include references to Linux authentication and identity management patterns (e.g., integration with LDAP, Kerberos, or SSSD) where relevant.
  • Add cross-platform command-line examples (e.g., Bash, Azure CLI) for common administrative tasks, not just portal-based or Windows-centric workflows.
  • Mention Linux equivalents for Windows tools (e.g., alternatives to Windows error reporting, Linux-based antimalware solutions) and clarify support for Linux in monitoring and security products.
  • Ensure terminology is inclusive of both Windows and Linux environments, especially in sections discussing device registration, privileged access, and security alerts.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/steps-secure-identity.md ...rticles/security/fundamentals/steps-secure-identity.md
High Priority View Details →
Scanned: 2026-01-09 00:34
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Windows First Missing Linux Example
Summary
The documentation page demonstrates a Windows bias primarily through its repeated references to Windows-specific tools and patterns, such as AD FS, Windows Server Active Directory, and features like 'AD FS Extranet Smart Lockout.' There is a lack of parity for Linux or cross-platform equivalents, with no mention of how to implement similar security controls or monitoring for non-Windows environments. The guidance and examples consistently assume a Windows-centric infrastructure, omitting instructions or references for organizations using Linux-based identity solutions or hybrid environments with significant Linux components.
Recommendations
  • Include examples and guidance for securing Linux-based identity infrastructure, such as integration with LDAP, Kerberos, or other open-source identity providers.
  • Provide parity for features like password protection and smart lockout by referencing cross-platform solutions or third-party tools available for Linux environments.
  • Add instructions for monitoring and alerting using Linux-native SIEM tools (e.g., ELK stack, Splunk) alongside Azure Monitor and Sentinel.
  • When discussing hybrid environments, explicitly address scenarios where Linux servers or non-Windows systems are present, and offer recommendations for securing those systems.
  • Avoid assuming AD FS or Windows Server Active Directory as the default on-premises identity provider; mention alternatives and how Microsoft Entra can integrate with them.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/trusted-hardware-identity-management.md ...y/fundamentals/trusted-hardware-identity-management.md
High Priority View Details →
Scanned: 2026-01-09 00:34
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First Powershell Heavy 🔧 Windows Tools
Summary
The documentation page exhibits mild Windows bias. In the section describing how to update the Intel QPL configuration file, Windows instructions (including registry edits and PowerShell commands) are presented before Linux instructions. Windows-specific tools (PowerShell, registry) are referenced, and the Windows download link for the Azure DCAP library is listed after several Ubuntu links, but Linux instructions are generally present and detailed. There is no evidence of missing Linux examples, as Linux procedures are included for all relevant operations.
Recommendations
  • Present Linux and Windows instructions in parallel or alternate their order to avoid implicit prioritization.
  • Include explicit parity notes to reassure users that all functionality is available on both platforms.
  • Where possible, use cross-platform command-line tools (e.g., systemctl, curl) in examples before platform-specific tools like PowerShell.
  • Add download links for other major Linux distributions (e.g., RHEL, CentOS, SUSE) if supported, not just Ubuntu.
  • Clarify any platform-specific limitations or differences up front, so users know what to expect.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-71607021.md ...rity/develop/threat-modeling-tool-releases-71607021.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation page exclusively references Windows as the supported operating system for the Microsoft Threat Modeling Tool, with no mention of Linux or macOS support. All system requirements and download instructions are Windows-centric, and there are no examples or guidance for Linux users. This demonstrates a clear Windows bias, both in tool support and documentation focus.
Recommendations
  • Explicitly state platform limitations and, if possible, provide information about Linux/macOS alternatives or workarounds.
  • Include guidance for running the tool on Linux (e.g., via Wine or virtualization) if native support is unavailable.
  • Offer parity in documentation by mentioning cross-platform threat modeling tools or community-supported solutions for non-Windows users.
  • If future releases support Linux/macOS, update system requirements and examples accordingly.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-71604081.md ...rity/develop/threat-modeling-tool-releases-71604081.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation exclusively references Microsoft Windows as the supported operating system and requires .NET Framework, which is Windows-centric. There are no mentions of Linux or cross-platform support, nor are there examples or instructions for non-Windows environments. The documentation assumes Windows as the default platform and does not provide parity for Linux users.
Recommendations
  • Explicitly state platform support, including whether Linux or macOS are supported or not.
  • If possible, provide instructions or alternatives for running the tool on Linux (e.g., via Wine, .NET Core, or a web-based version).
  • Include system requirements for Linux and macOS if supported, or suggest equivalent threat modeling tools available for those platforms.
  • Add examples and screenshots for non-Windows environments if the tool is cross-platform.
  • Clarify any limitations or future plans for Linux/macOS support in the documentation.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-73002061.md ...rity/develop/threat-modeling-tool-releases-73002061.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation page exclusively references Windows as the supported operating system, with no mention of Linux or cross-platform compatibility. All requirements and download instructions are Windows-centric, and the tool itself appears to be Windows-only. There are no examples, instructions, or notes for Linux users, nor any mention of Linux equivalents or alternatives.
Recommendations
  • Explicitly state platform limitations and, if possible, provide information about Linux support or alternatives.
  • Include notes or guidance for Linux users, such as running the tool via Wine or using similar threat modeling tools available on Linux.
  • If future releases will support Linux, add installation and usage instructions for Linux environments.
  • Consider providing cross-platform examples and documentation to improve accessibility for non-Windows users.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-sensitive-data.md ...ecurity/develop/threat-modeling-tool-sensitive-data.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
🔧 Windows Tools Windows First Missing Linux Example Powershell Heavy
Summary
The documentation page demonstrates a bias towards Windows environments and tooling. Windows-specific technologies (EFS, DPAPI, BitLocker, Windows Intune, WCF with Windows credentials) are mentioned exclusively or before Linux equivalents. In several cases, only Windows solutions or .NET/C# code samples are provided, with little or no mention of Linux alternatives (e.g., LUKS/dm-crypt for file encryption, Gnome Keyring/KWallet for keystore, Linux-based obfuscation tools). Examples and references are heavily oriented towards Microsoft/Windows technologies, and Linux-specific guidance is generally missing.
Recommendations
  • For every Windows-specific tool or technology (e.g., EFS, DPAPI, BitLocker), provide Linux equivalents (e.g., LUKS/dm-crypt, GnuPG, eCryptfs) and describe how to implement similar protections on Linux systems.
  • Include code samples for both Windows (.NET/C#) and Linux (e.g., Python, Bash, OpenSSL) where applicable, especially for file encryption, configuration protection, and key management.
  • When discussing Azure Disk Encryption, give equal detail to Linux disk encryption (dm-crypt) as is given to BitLocker for Windows.
  • Mention cross-platform or Linux-native obfuscation tools (e.g., ProGuard for Java, pyarmor for Python) alongside CryptoObfuscator.
  • Add references to Linux documentation and community resources for sensitive data protection, encryption, and secure configuration.
  • Ensure that recommendations and examples for mobile clients include Android and iOS native approaches, not just Windows Intune or .NET for iOS.
  • Where WCF or Windows authentication is referenced, clarify alternatives for Linux-based services (e.g., TLS client certificates, OAuth2, JWT).
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/hypervisor.md ...blob/main/articles/security/fundamentals/hypervisor.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page exhibits Windows bias by exclusively referencing Windows Hyper-V as the hypervisor technology, with no mention of Linux-based hypervisors (such as KVM or Xen) or Linux-specific security patterns. All technical details, security mechanisms, and references are centered on Windows tools and terminology, with no examples or guidance for Linux environments.
Recommendations
  • Include references to Linux-based hypervisors (e.g., KVM, Xen) where relevant, and compare their security models to Hyper-V.
  • Provide examples or explanations of how similar security objectives are achieved in Linux environments on Azure.
  • Mention Linux-specific virtualization security features and tools, such as SELinux, AppArmor, or QEMU mitigations.
  • Clarify whether the described security mechanisms apply to Linux VMs hosted on Azure, and how Linux guests interact with the Windows-based hypervisor.
  • Add links to documentation on securing Linux workloads and hypervisors in Azure.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/operational-checklist.md ...rticles/security/fundamentals/operational-checklist.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Windows First Missing Linux Example
Summary
The documentation page demonstrates Windows bias by referencing Windows-specific technologies (e.g., SMB 3.0, Microsoft Entra, Defender for Cloud) and tools without providing Linux equivalents or examples. Windows protocols and tools are mentioned first or exclusively, such as SMB for file shares and Azure Disk Encryption for Windows VMs, while Linux-specific guidance is either missing or less emphasized. There are no command-line examples for Linux, and operational patterns are described in a way that assumes familiarity with Windows-centric Azure features.
Recommendations
  • Include Linux-specific examples and guidance alongside Windows references, such as NFS for file shares and Linux command-line tools.
  • Provide parity in documentation for Azure Disk Encryption, ensuring both Linux and Windows VM instructions are present and equally detailed.
  • Add operational security checklist items relevant to Linux environments, such as SELinux/AppArmor, Linux audit logs, and integration with Linux-based monitoring tools.
  • When mentioning protocols (e.g., SMB), also mention alternatives commonly used in Linux environments (e.g., NFS, SFTP) and link to their Azure documentation.
  • Ensure that examples and recommendations are platform-neutral or explicitly provide both Windows and Linux options.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/overview.md ...s/blob/main/articles/security/fundamentals/overview.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Powershell Heavy 🔧 Windows Tools Missing Linux Example
Summary
The documentation page exhibits a moderate Windows bias. Windows terminology, tools, and features (e.g., PowerShell, IIS, Windows 10, BitLocker, SQL Server, Microsoft Authenticator) are mentioned frequently and often before or instead of Linux equivalents. Examples and instructions (such as enabling Azure Key Vault integration for SQL Server VMs) reference Azure PowerShell cmdlets and Windows-centric features, with little or no mention of Linux-specific commands or tools. Some features (e.g., Microsoft Entra join, BitLocker recovery) are described as Windows-only, and diagnostic instructions focus on IIS and Windows web server diagnostics. Linux support is acknowledged in some places (e.g., Azure Disk Encryption for Linux VMs, Defender for Servers for Linux), but Linux-specific guidance and examples are generally sparse or absent.
Recommendations
  • Provide Linux-specific examples and instructions alongside Windows ones, especially for security configuration, diagnostics, and automation (e.g., show Bash/CLI commands, Linux web server diagnostics, Linux authentication tools).
  • Mention Linux tools and patterns (such as SSH, SELinux, iptables, auditd, systemd, etc.) where relevant, and explain how Azure integrates with or supports these.
  • Ensure parity in feature descriptions: if a feature is Windows-only (e.g., BitLocker, Microsoft Entra join), clearly state Linux alternatives or limitations.
  • Include references to Linux documentation and best practices for Azure security, such as links to securing Linux VMs, using Linux-based firewalls, and integrating with Linux identity providers.
  • Balance the order of presentation so that Linux and Windows are treated equally (e.g., do not always mention Windows first; alternate or group by OS where appropriate).
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/infrastructure-components.md ...les/security/fundamentals/infrastructure-components.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates a Windows bias by exclusively referencing Windows Server as the host operating system, mentioning Windows Firewall as a default security measure, and omitting any discussion of Linux-based hosts or tools. No examples, patterns, or references to Linux equivalents (such as iptables, SELinux, or Linux-based Azure VM images) are provided, and Windows terminology is used throughout without cross-platform context.
Recommendations
  • Include references to Linux-based Azure VM images and clarify whether Linux hosts are supported or available in the Azure infrastructure.
  • Mention Linux security tools (e.g., iptables, firewalld, SELinux) alongside Windows Firewall when discussing VM security configurations.
  • Provide examples or descriptions of how Linux VMs are managed, secured, and configured within Azure, ensuring parity with Windows-focused explanations.
  • Clarify whether the Azure hypervisor and fabric controller support Linux hosts and describe any differences in management or security practices.
  • Use neutral, cross-platform terminology where possible, and avoid implying that Windows is the only or primary operating system in Azure infrastructure.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-communication-security.md ...develop/threat-modeling-tool-communication-security.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example Powershell Heavy
Summary
The documentation page demonstrates a Windows bias by prioritizing Windows-centric technologies (e.g., ASP.NET, WCF, SQL Server, SMB, Windows Azure references) and providing examples and recommendations that are specific to Windows environments. There is a lack of Linux-specific guidance, tools, or code samples, and Windows tools and patterns (such as web.config, URL Rewrite, ServicePointManager, and SMB clients for Windows) are mentioned exclusively or before any Linux equivalents. No Linux command-line or configuration examples are provided, and the code samples are in C#/.NET, which are primarily used in Windows environments.
Recommendations
  • Add Linux-specific examples for enforcing HTTPS (e.g., using Nginx or Apache configuration snippets).
  • Include guidance for certificate validation and pinning in Linux environments (e.g., using OpenSSL, curl, or Python).
  • Mention Linux-compatible SMB clients (e.g., smbclient, mount.cifs) and how to enable SMB 3.x encryption on Linux.
  • Provide parity for SQL Server connection encryption and validation using Linux tools (e.g., sqlcmd on Linux, ODBC configuration).
  • Offer code samples in cross-platform languages (e.g., Python, Java) and frameworks that run natively on Linux.
  • Reference Linux documentation and tools alongside Windows ones, ensuring equal visibility and guidance.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-authorization.md ...security/develop/threat-modeling-tool-authorization.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Windows First Missing Linux Example
Summary
The documentation demonstrates a bias toward Windows technologies and patterns, particularly in sections related to WCF and ASP.NET Web API. Examples and configuration snippets are exclusively for Windows-centric frameworks (WCF, .NET, ASP.NET), with references to Windows roles and groups (e.g., 'Builtin\Administrators') and configuration files (machine.config, app.config) that are specific to Windows environments. There are no equivalent examples or guidance for Linux-based stacks, open-source alternatives, or cross-platform implementations. The documentation also references Microsoft-specific identity providers (ADFS, Entra ID) without mentioning open standards or Linux-compatible solutions.
Recommendations
  • Include equivalent examples for Linux-based technologies (e.g., using Flask/Django for web APIs, or gRPC for service communication).
  • Provide guidance on implementing authorization using open standards (OAuth2, OpenID Connect) and open-source identity providers (Keycloak, Auth0).
  • Add examples for configuring ACLs and least privilege on Linux (e.g., using chmod, setfacl, sudoers).
  • Mention cross-platform approaches and tools where possible, and avoid presenting Windows-specific solutions as the default or only option.
  • Reference Linux and open-source documentation alongside Microsoft Docs to improve parity.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-exception-management.md ...y/develop/threat-modeling-tool-exception-management.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation page demonstrates a strong Windows bias by exclusively referencing Windows-centric technologies (WCF, ASP.NET, IIS), configuration files (web.config, machine.config), and tools. All code and configuration examples are for .NET/ASP.NET, with no mention of Linux equivalents (e.g., Apache, Nginx, Mono, .NET Core on Linux). IIS is referenced as the default deployment and error handling platform, and all mitigation steps and references are tailored to Windows environments. There are no examples or guidance for Linux-based deployments or cross-platform .NET implementations.
Recommendations
  • Add equivalent examples for Linux-based deployments, such as configuring error handling in Apache/Nginx or .NET Core on Linux.
  • Include cross-platform .NET Core examples, especially for exception handling and configuration.
  • Reference Linux tools and configuration files (e.g., systemd, environment variables, appsettings.json) alongside Windows/IIS examples.
  • Provide guidance for deploying and securing applications on Linux web servers, not just IIS.
  • Clarify which recommendations are Windows-specific and offer alternatives for Linux environments.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/antimalware.md ...lob/main/articles/security/fundamentals/antimalware.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
Windows First Missing Linux Example Powershell Heavy 🔧 Windows Tools
Summary
The documentation is heavily biased towards Windows environments. All examples, deployment scenarios, and configuration instructions are exclusively for Windows Server and Windows-based Azure services. PowerShell is the only automation tool referenced, and all code samples and extension instructions are Windows-centric. Linux is explicitly listed as unsupported, and there are no equivalent instructions, tools, or recommendations for Linux VMs or services.
Recommendations
  • Clearly state Linux support status and provide guidance for Linux users, including alternative antimalware solutions for Linux VMs.
  • If Microsoft Antimalware is not available for Linux, link to recommended third-party or Azure-supported Linux antimalware solutions.
  • Provide parity in documentation structure: include sections for Linux deployment, configuration, and monitoring (even if only to explain limitations or alternatives).
  • Include CLI (az), Bash, or Python examples for automation, not just PowerShell.
  • Mention Linux-native tools and patterns where applicable, and avoid assuming Windows as the default platform in instructions and screenshots.
GitHub Create Pull Request
Previous Page 6 of 16 Next