Security

116
Total Pages
38
Linux-Friendly Pages
78
Pages with Bias
67.2%
Bias Rate

Bias Trend Over Time

Pages with Bias Issues

380 issues found
Showing 176-200 of 380 flagged pages
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/operational-security.md ...articles/security/fundamentals/operational-security.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation exhibits a Windows bias by frequently referencing Windows-specific tools, services, and patterns before mentioning Linux equivalents. Examples and descriptions often focus on Windows servers, Windows event logs, and System Center, with Linux support mentioned only as an add-on or in passing. There is a lack of explicit Linux or cross-platform examples, and Windows-centric terminology (e.g., 'Windows Azure', 'Windows event logs') is used throughout. PowerShell and other Windows management tools are referenced, while Linux CLI or shell examples are absent.
Recommendations
  • Provide explicit Linux examples and usage scenarios alongside Windows ones, such as Linux syslog integration, shell commands, and Linux agent installation steps.
  • Use neutral, cross-platform terminology (e.g., 'Azure', not 'Windows Azure') and avoid Windows-first phrasing.
  • Reference Linux management tools (e.g., Bash, SSH, Linux monitoring agents) and provide parity in instructions for both platforms.
  • Include screenshots or diagrams showing both Windows and Linux environments.
  • Highlight cross-platform capabilities and ensure that feature lists and descriptions do not prioritize Windows over Linux.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/subdomain-takeover.md ...n/articles/security/fundamentals/subdomain-takeover.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
Powershell Heavy Windows First Missing Linux Example
Summary
The documentation page demonstrates a Windows bias by exclusively referencing PowerShell scripts and tools (e.g., Get-DanglingDnsRecords.ps1) for DNS record discovery and Azure Resource Graph queries, without providing equivalent Linux/bash examples. The instructions and sample scripts are PowerShell-centric, and there is no mention of cross-platform alternatives or guidance for Linux users. This may hinder accessibility for users operating in Linux environments or those who prefer bash scripting.
Recommendations
  • Provide bash/CLI equivalents for all PowerShell scripts and commands, especially for resource discovery and DNS record management.
  • Explicitly mention cross-platform compatibility for tools and scripts, or provide links to Linux-friendly alternatives.
  • Include example workflows using Azure CLI (az) commands for identifying and remediating dangling DNS records.
  • Add notes or sections addressing Linux environments and how users can achieve parity with the documented Windows/PowerShell procedures.
  • Ensure that references to scripts or automation (e.g., service catalog creation) include both PowerShell and bash/CLI versions, or clarify any platform limitations.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/isolation-choices.md ...in/articles/security/fundamentals/isolation-choices.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 4 bias types
Detected Bias Types
🔧 Windows Tools Windows First Powershell Heavy Missing Linux Example
Summary
The documentation page demonstrates a Windows bias through repeated references to Windows-specific technologies and tools (e.g., Windows Firewall, Active Directory Federation Services, BitLocker), and by mentioning Windows solutions before Linux equivalents. Examples and explanations often center on Windows patterns, with Linux alternatives sometimes mentioned only as an afterthought or not at all. There is a lack of parity in examples, with no Linux command-line or tool usage shown, and Windows-centric terminology is prevalent throughout.
Recommendations
  • Provide Linux-specific examples and command-line usage (e.g., Azure CLI on Bash, Linux firewall tools) alongside or before Windows/Powershell examples.
  • Mention Linux technologies (such as dm-crypt, iptables, SELinux, etc.) in equal detail and prominence as Windows tools like BitLocker and Windows Firewall.
  • Ensure references to identity and access management include both Windows (ADFS, Group Policy) and Linux (SSSD, LDAP, PAM) approaches.
  • Add Linux-focused troubleshooting, diagnostics, and maintenance scenarios, not just Windows-centric ones.
  • Balance terminology by using platform-neutral language where possible (e.g., 'firewall' instead of 'Windows Firewall'), and avoid assuming Windows as the default.
  • Include links to Linux documentation and best practices for Azure, not just Windows-based guides.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/steps-secure-identity.md ...rticles/security/fundamentals/steps-secure-identity.md
High Priority View Details →
Scanned: 2026-01-08 00:53
Reviewed by: LLM Analysis
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Windows First Missing Linux Example
Summary
The documentation page demonstrates a bias toward Windows environments and tooling. It frequently references Windows-specific technologies (such as AD FS, Windows Server Active Directory, and Windows Hello for Business) and provides guidance and examples that are tailored to Windows infrastructure. There is little to no mention of Linux equivalents, cross-platform alternatives, or instructions for organizations using Linux-based identity infrastructure. The ordering and focus of recommendations also tend to prioritize Windows solutions without acknowledging or providing parity for Linux environments.
Recommendations
  • Include examples and guidance for securing Microsoft Entra ID in Linux-based environments, such as integration with Linux authentication systems (e.g., PAM, SSSD) and identity providers.
  • Mention and provide instructions for password protection and synchronization for Linux servers and directories, not just Windows Server Active Directory.
  • When discussing federation and smart lockout, reference cross-platform federation solutions (e.g., Shibboleth, Keycloak) and how they can integrate with Microsoft Entra ID.
  • Provide parity in passwordless authentication examples, such as FIDO2 security keys, which are supported on Linux, and clarify how Linux users can benefit from these features.
  • Add monitoring and alerting guidance for Linux environments, including integration with Linux-based SIEM tools and log management solutions.
  • Avoid assuming on-premises infrastructure is Windows-only; acknowledge hybrid environments that include Linux servers and provide relevant best practices.
  • Balance references to Windows tools (AD FS, Windows Hello, etc.) with Linux and cross-platform alternatives, or at least note their absence and recommend solutions for non-Windows environments.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/iaas.md ...-docs/blob/main/articles/security/fundamentals/iaas.md
High Priority View Details →
Scanned: 2025-07-19 13:51
Reviewed by: Unknown
Issues: 4 bias types
Detected Bias Types
Windows First Powershell Heavy 🔧 Windows Tools Missing Linux Example
Summary
The documentation demonstrates a Windows bias in several areas: Windows tools and terminology are often mentioned first or exclusively (e.g., BitLocker, Windows Defender, WSUS, Windows Update), PowerShell cmdlets are referenced without equivalent Linux command examples, and some best practices (such as backup and encryption) provide detailed Windows-centric steps or links while Linux alternatives are less emphasized or missing. Linux is sometimes mentioned, but examples, tooling, and detailed guidance are more comprehensive for Windows.
Recommendations
  • Provide Linux-specific examples and command-line instructions (e.g., bash, CLI, or Ansible) alongside PowerShell cmdlets.
  • When referencing Windows tools (like BitLocker, Windows Defender, WSUS), also mention and link to Linux equivalents (e.g., dm-crypt, ClamAV, unattended-upgrades, etc.) with equal detail.
  • Ensure that best practices and step-by-step guides are presented in a platform-neutral way or with parallel sections for both Windows and Linux.
  • Avoid always listing Windows first in lists or examples; alternate or present both platforms together.
  • Expand on Linux-specific Azure features (e.g., Azure Disk Encryption for Linux, Linux antimalware solutions, update management) with the same depth as Windows.
  • Include links to Linux documentation and community resources where appropriate.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/threat-detection.md ...ain/articles/security/fundamentals/threat-detection.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Powershell Heavy 🔧 Windows Tools Missing Linux Example
Summary
The documentation page exhibits a Windows bias primarily in the 'Automation and control: Alert on security configuration drifts' section, where only PowerShell and PowerShell Desired State Configuration (DSC) are mentioned for automation and configuration management. There are no references to Linux-native tools or cross-platform scripting alternatives, and no examples are provided for Linux users. Additionally, the mention of 'malicious PowerShell scripts' as a threat vector is not balanced with equivalent Linux scripting threats (e.g., Bash scripts).
Recommendations
  • Include examples and references for Linux-native automation tools, such as Bash scripts, Ansible, or Chef, alongside PowerShell/DSC.
  • Mention and provide guidance for using Azure Automation with Linux VMs, including supported scripting languages and configuration management options.
  • Balance the discussion of scripting threats by mentioning Linux shell scripts and common Linux attack vectors in addition to PowerShell.
  • Where PowerShell is referenced, clarify cross-platform support (e.g., PowerShell Core on Linux) and provide Linux-specific usage notes or examples.
  • Ensure that all configuration and automation guidance is presented in a cross-platform manner, or provide parallel instructions for both Windows and Linux environments.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-73211082.md ...rity/develop/threat-modeling-tool-releases-73211082.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation is heavily Windows-centric: all installation instructions, error messages, and workarounds reference Windows-specific tools and patterns (e.g., ClickOnce, Windows Menu shortcuts). Only Windows is listed as a supported OS, with no mention of Linux or cross-platform alternatives. There are no Linux examples, troubleshooting steps, or parity in system requirements.
Recommendations
  • Explicitly state if Linux is unsupported, or provide information on Linux compatibility/workarounds if possible.
  • If feasible, offer Linux installation instructions or alternatives (e.g., via Mono, Wine, or a native Linux version).
  • Include troubleshooting steps and error messages relevant to Linux users, or clarify that the tool is Windows-only.
  • Avoid assuming the presence of Windows-specific features (like the Windows Menu) without noting their absence on other platforms.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-73003161.md ...rity/develop/threat-modeling-tool-releases-73003161.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation page exclusively references Windows as the supported operating system, with no mention of Linux or cross-platform compatibility. All system requirements and download instructions are Windows-specific, and there are no examples or guidance for Linux users. The tool appears to be Windows-only, and this is reflected throughout the documentation.
Recommendations
  • Explicitly state if the tool is Windows-only, and if so, provide rationale or roadmap for Linux/macOS support.
  • If Linux support is possible (e.g., via Mono or Wine), include installation and usage instructions for Linux.
  • If the tool is not available on Linux, suggest alternative threat modeling tools that are cross-platform.
  • Ensure future documentation includes parity in examples, instructions, and troubleshooting for all supported platforms.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-73310263.md ...rity/develop/threat-modeling-tool-releases-73310263.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation exclusively references Windows environments, both in system requirements and in usage instructions (e.g., using Windows Menu shortcuts, ClickOnce installer). There are no mentions of Linux or cross-platform support, nor are alternative installation or usage instructions provided for non-Windows users.
Recommendations
  • Explicitly state if the tool is Windows-only, or provide information about Linux/macOS support or lack thereof.
  • If possible, offer Linux/macOS installation instructions or workarounds (e.g., via Wine, virtualization, or alternative tools).
  • Include notes on cross-platform compatibility in the system requirements section.
  • If the tool is not available on Linux, suggest comparable open-source or Microsoft-supported threat modeling tools for Linux users.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-73306305.md ...rity/develop/threat-modeling-tool-releases-73306305.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation exclusively references Windows environments, both in system requirements and in usage instructions (e.g., 'Windows Menu', ClickOnce installer, Windows file paths). There are no mentions of Linux or cross-platform support, nor are there alternative instructions or examples for non-Windows users.
Recommendations
  • Explicitly state if the tool is Windows-only, or clarify platform support.
  • If Linux or macOS support is possible or planned, provide installation and usage instructions for those platforms.
  • If the tool is not supported on Linux, suggest alternatives or workarounds for Linux users (such as running via Wine or using similar open-source tools).
  • Avoid referencing Windows-specific UI elements (e.g., 'Windows Menu') without noting the absence of equivalents on other platforms.
  • Include a section on platform compatibility and address common questions from non-Windows users.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-73007291.md ...rity/develop/threat-modeling-tool-releases-73007291.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation exclusively references Windows operating systems, Windows-specific installation mechanisms (ClickOnce), and Windows UI elements (Windows Menu). There is no mention of Linux or macOS support, nor are any cross-platform installation instructions or troubleshooting steps provided.
Recommendations
  • Clearly state platform support, including whether Linux or macOS are supported or not.
  • If the tool is Windows-only, explicitly mention this early in the documentation to set user expectations.
  • If cross-platform support is planned or available, provide installation and troubleshooting steps for Linux/macOS, including equivalent commands and UI references.
  • Where possible, use platform-neutral language or provide parallel instructions for all supported platforms.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases.md ...cles/security/develop/threat-modeling-tool-releases.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation exclusively targets Windows users, specifying only Windows as a supported operating system and requiring .NET 4.7.1 or later. There is no mention of Linux or macOS support, nor are there any instructions or examples for running the tool on non-Windows platforms. The download and installation instructions are Windows-specific, and the tool itself appears to be a Windows application.
Recommendations
  • Clearly state in the documentation whether Linux and macOS are unsupported, and if possible, provide information about alternative tools or workarounds for those platforms.
  • If there are unofficial or community-supported ways to run the tool on Linux (e.g., via Wine or Mono), document these options with appropriate caveats.
  • Consider developing and documenting a cross-platform version of the tool or providing equivalent functionality for Linux users.
  • Add a section addressing frequently asked questions about non-Windows support to improve transparency and user experience for Linux users.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-71604081.md ...rity/develop/threat-modeling-tool-releases-71604081.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation page exclusively references Windows as the supported operating system, with no mention of Linux or macOS compatibility or alternatives. System requirements specify only Windows 10 and .NET Framework, both of which are Windows-centric. There are no examples, instructions, or notes for Linux users, nor any mention of cross-platform support or workarounds.
Recommendations
  • Clearly state if the tool is Windows-only, and if so, suggest alternatives or workarounds for Linux users (e.g., running via Wine, using a VM, or recommending open-source cross-platform threat modeling tools).
  • If Linux support is planned or possible, include installation and usage instructions for Linux.
  • Add a section addressing platform support explicitly, so non-Windows users are not left uncertain.
  • If the tool is not cross-platform, consider providing links to comparable Linux-compatible tools in the documentation.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-73002061.md ...rity/develop/threat-modeling-tool-releases-73002061.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation exclusively references Windows as the supported operating system and requires the .NET Framework (not .NET Core), which is primarily Windows-centric. There are no mentions of Linux or cross-platform support, nor are there any Linux installation or usage instructions. All examples, requirements, and download links assume a Windows environment.
Recommendations
  • Clearly state if the tool is Windows-only, or provide information about Linux/macOS support if available.
  • If cross-platform support is planned or possible (e.g., via .NET Core or Mono), include installation and usage instructions for Linux.
  • Add troubleshooting or compatibility notes for non-Windows users.
  • If the tool is not supported on Linux, suggest alternative tools or workarounds for Linux users.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-73007142.md ...rity/develop/threat-modeling-tool-releases-73007142.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation page exclusively lists Windows 10 as the supported operating system, with no mention of Linux or macOS support or alternatives. All requirements and download instructions are Windows-centric, and there are no examples or guidance for Linux users.
Recommendations
  • Clearly state if the tool is Windows-only, and if so, mention any workarounds (e.g., running via Wine or in a VM) for Linux users.
  • If cross-platform support is planned or available, provide installation and usage instructions for Linux (and macOS) alongside Windows.
  • Include a section addressing Linux users, even if only to acknowledge the lack of native support and suggest alternatives or similar tools available on Linux.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-auditing-and-logging.md ...y/develop/threat-modeling-tool-auditing-and-logging.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation page demonstrates a Windows bias by referencing Windows-specific tools and patterns (e.g., Windows ACLs, WCF/.NET configuration) without providing Linux or cross-platform equivalents. Examples and guidance are oriented toward Windows environments, and there is a lack of Linux-specific instructions or examples for common tasks like log file permissions or log rotation. The only detailed configuration examples are for Windows technologies (WCF), and Windows terminology (ACL) is used exclusively when discussing file access control.
Recommendations
  • For sections discussing file permissions (e.g., 'Ensure that Audit and Log Files have Restricted Access'), include Linux/Unix equivalents such as chmod, chown, and setfacl, and provide example commands.
  • When referencing log rotation, mention and provide examples for Linux tools such as logrotate, and describe how to configure them.
  • For logging and auditing in web applications, provide examples using popular cross-platform frameworks (e.g., Node.js, Python, Java) and mention logging best practices for both Windows and Linux deployments.
  • Where WCF/.NET examples are given, consider adding parallel examples for cross-platform frameworks (e.g., gRPC, REST APIs implemented in other languages) and how to configure logging/auditing in those environments.
  • Replace or supplement Windows-specific terminology (e.g., 'Windows ACL') with platform-neutral language or include Linux equivalents (e.g., 'file permissions and access control lists (ACLs) on Linux using chmod/setfacl').
  • Explicitly state when a mitigation or recommendation is platform-specific, and provide alternative guidance for other platforms where appropriate.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/secure-develop.md .../blob/main/articles/security/develop/secure-develop.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation page demonstrates a moderate Windows bias. It references Windows-specific tools and patterns (such as Visual Studio for code reviews, Microsoft Antimalware, and Microsoft Defender Antivirus in Windows) without mentioning Linux alternatives. The only example of browser cache location is for Internet Explorer. There are no Linux-specific examples or tool recommendations, and the documentation does not provide parity in instructions or tool suggestions for Linux environments.
Recommendations
  • When mentioning Visual Studio for code reviews, also reference cross-platform or Linux-friendly alternatives such as VS Code, GitHub pull requests, or GitLab merge requests.
  • For static code analysis, include examples of popular open-source tools that are commonly used on Linux, such as SonarQube, ESLint, or Clang Static Analyzer.
  • When discussing antimalware solutions, mention Linux-compatible endpoint protection tools and clarify which Microsoft solutions are available for Linux (e.g., Microsoft Defender for Endpoint on Linux).
  • In the section about removing standard server headers, provide links or instructions for both Windows/IIS and Linux/Apache/Nginx environments.
  • When describing browser cache folders, avoid referencing only Windows/Internet Explorer; mention cache locations for other browsers and operating systems.
  • For attack surface analysis, include Linux-compatible tools (e.g., Lynis, OpenVAS) alongside Microsoft Attack Surface Analyzer.
  • Ensure that all tool recommendations and examples have Linux equivalents or clarify platform compatibility.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-getting-started.md ...curity/develop/threat-modeling-tool-getting-started.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation exclusively describes the Microsoft Threat Modeling Tool, which is a Windows-only application. All instructions, screenshots, and workflows assume the use of a Windows environment, with references to Windows-centric features like OneDrive and Active Directory. There are no mentions of Linux or cross-platform alternatives, nor are there any examples or guidance for users on non-Windows systems.
Recommendations
  • Clearly state the platform requirements (e.g., Windows-only) at the beginning of the documentation.
  • If possible, provide information about running the tool on Linux (e.g., via Wine or virtualization), or mention any available cross-platform alternatives.
  • Include guidance for Linux users on how to collaborate with Windows users (e.g., file formats, sharing reports).
  • Reference non-Windows equivalents for features like OneDrive (e.g., SharePoint, Dropbox, or generic file sharing) where appropriate.
  • If the tool is not available for Linux, suggest open-source or cross-platform threat modeling tools as alternatives.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/secure-design.md ...s/blob/main/articles/security/develop/secure-design.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Missing Linux Example
Summary
The documentation demonstrates a Windows/Microsoft-centric bias by referencing Windows-specific security models (SDL), Microsoft tools (Entra ID, Key Vault, Azure DevOps), and providing links and examples that are tailored to Microsoft technologies. There is a lack of Linux-specific tools, patterns, or examples, and no mention of Linux-native security practices or open-source alternatives. The documentation assumes the reader is using the Microsoft ecosystem and does not provide parity guidance for Linux or cross-platform development.
Recommendations
  • Include Linux-native security practices and tools (e.g., SELinux, AppArmor, Linux auditd, iptables/nftables, fail2ban) alongside Microsoft solutions.
  • Provide examples and links for both Windows and Linux environments when discussing authentication, logging, key management, and error handling.
  • Reference cross-platform or open-source alternatives to Microsoft tools (e.g., HashiCorp Vault for secrets management, OpenLDAP for identity, Jenkins/GitLab CI for DevOps).
  • Explicitly mention how Azure services integrate with Linux-based applications and provide links to relevant Linux documentation.
  • Balance the order of presentation so that Linux and open-source options are mentioned alongside or before Windows/Microsoft-specific solutions.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-cryptography.md .../security/develop/threat-modeling-tool-cryptography.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 4 bias types
Detected Bias Types
Windows First 🔧 Windows Tools Powershell Heavy Missing Linux Example
Summary
The documentation demonstrates a strong Windows bias. It consistently references Windows-specific cryptographic APIs (CNG, CAPI, Win32/64, .NET), Windows-only features (BitLocker, Group Policy, SSIS, SQL Server EKM, Always Encrypted), and Windows IoT Core. Examples and recommendations are almost exclusively for Windows environments, with only brief mentions of Apple and Java/Android APIs, and no Linux-specific tools, APIs, or examples. Linux cryptographic practices, tools (e.g., OpenSSL, GnuPG), and equivalents to Windows features are not discussed or referenced.
Recommendations
  • Add Linux-specific cryptographic API and tool recommendations (e.g., OpenSSL, /dev/urandom, GnuPG, dm-crypt/LUKS for disk encryption).
  • Provide code examples for Linux environments (e.g., using OpenSSL CLI or libraries in C/Python).
  • Reference Linux equivalents for Windows features (e.g., LUKS for BitLocker, systemd-cryptsetup for encrypted volumes, Linux TPM stack).
  • Include guidance for cross-platform .NET Core/5+ cryptography APIs that work on Linux and macOS, not just Windows.
  • Mention Linux/Unix device management and encryption policies where relevant (e.g., mobile device management, disk encryption).
  • Balance the order of presentation so that Windows and Linux/Unix approaches are given equal prominence.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-71510231.md ...rity/develop/threat-modeling-tool-releases-71510231.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
🔧 Windows Tools Missing Linux Example Windows First
Summary
The documentation exclusively references Microsoft Windows as the supported operating system and does not mention Linux or macOS compatibility, installation, or usage. All system requirements and instructions are Windows-centric, with no examples or alternatives for Linux users.
Recommendations
  • Clearly state if the tool is Windows-only, and if so, mention the lack of Linux/macOS support explicitly.
  • If possible, provide information about running the tool on Linux (e.g., via Wine or virtualization), or mention any planned cross-platform support.
  • Include a section addressing Linux/macOS users, even if only to acknowledge the limitation and suggest alternatives or workarounds.
  • If there are command-line or scripting examples, provide Linux/bash equivalents alongside Windows/PowerShell examples.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-73309251.md ...rity/develop/threat-modeling-tool-releases-73309251.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation exclusively references Windows operating systems, Windows-specific installation patterns (ClickOnce, Windows Menu shortcuts), and does not mention Linux or provide any Linux-specific instructions or alternatives. All examples and requirements are Windows-centric, with no indication of cross-platform support or guidance.
Recommendations
  • Clarify explicitly if the Threat Modeling Tool is Windows-only; if so, state this clearly at the top of the documentation.
  • If Linux or cross-platform support is planned or available, provide equivalent installation instructions and troubleshooting steps for Linux users.
  • Mention alternative installation methods or compatibility notes for non-Windows environments, even if only to state that they are not supported.
  • Avoid assuming the presence of Windows-specific features (e.g., Windows Menu shortcuts, ClickOnce) without noting their absence on other platforms.
  • Include a section in 'System requirements' that addresses Linux and macOS, even if only to state they are not supported.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-communication-security.md ...develop/threat-modeling-tool-communication-security.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 4 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools Powershell Heavy
Summary
The documentation demonstrates a Windows bias by focusing on Windows-centric technologies (e.g., ASP.NET, WCF, SQL Server, SMB 3.x for Windows), providing configuration and code examples only for Windows/.NET environments, and referencing Windows tools and patterns (e.g., web.config, URL Rewrite, ServicePointManager, Windows-specific SMB clients) without offering Linux or cross-platform alternatives. There are no Linux command-line, configuration, or code examples, and Linux tools or deployment scenarios are not discussed.
Recommendations
  • Provide equivalent Linux examples for enforcing HTTPS (e.g., using Nginx or Apache configuration snippets for HSTS and HTTPS redirects).
  • Include code samples in cross-platform languages (e.g., Python, Java, Node.js) for certificate pinning and HTTPS enforcement, not just C#/.NET.
  • Mention and link to Linux-compatible tools and clients (e.g., smbclient for SMB 3.x, OpenSSL for certificate validation, sqlcmd for SQL Server on Linux).
  • When describing configuration (e.g., web.config, URL Rewrite), also describe how to achieve the same on Linux-based web servers.
  • Avoid assuming Windows as the default environment; explicitly state when guidance is Windows-specific and provide Linux alternatives where possible.
  • Reference documentation for Linux deployments of Azure services (e.g., connecting to Azure SQL from Linux, securing Redis from Linux clients).
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/develop/threat-modeling-tool-releases-73209279.md ...rity/develop/threat-modeling-tool-releases-73209279.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 3 bias types
Detected Bias Types
Windows First Missing Linux Example 🔧 Windows Tools
Summary
The documentation exclusively references Windows operating systems and Windows-specific installation patterns (e.g., ClickOnce, Windows Menu shortcuts). There are no mentions of Linux or cross-platform support, nor are there alternative instructions or requirements for non-Windows environments.
Recommendations
  • Clearly state in the system requirements section whether Linux (or macOS) is supported or not. If not, explicitly mention Windows-only support.
  • If Linux is or will be supported, provide equivalent installation and troubleshooting instructions for Linux users.
  • Include information about any cross-platform alternatives or workarounds, such as running the tool via Wine or using similar open-source tools on Linux.
  • Avoid Windows-specific terminology (like 'Windows Menu') without clarifying that these instructions are for Windows users only.
  • If the tool is Windows-only, suggest alternative threat modeling tools available for Linux in the documentation.
GitHub Create Pull Request
Security https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/security/fundamentals/antimalware.md ...lob/main/articles/security/fundamentals/antimalware.md
High Priority View Details →
Scanned: 2025-07-13 21:37
Reviewed by: Unknown
Issues: 4 bias types
Detected Bias Types
Missing Linux Example Windows First 🔧 Windows Tools Powershell Heavy
Summary
The documentation is heavily biased towards Windows environments. All deployment, configuration, and removal instructions are specific to Windows Server operating systems, with no support or examples for Linux. All code samples and automation are provided exclusively via PowerShell cmdlets, and the documentation repeatedly references Windows tools (Azure portal, Visual Studio, Windows event logs) without mentioning or providing parity for Linux users. Linux is explicitly called out as unsupported, but the lack of any alternative guidance or comparable tooling for Linux users further reinforces the Windows-centric nature of the documentation.
Recommendations
  • Clearly state early in the documentation that Microsoft Antimalware for Azure does not support Linux, and suggest alternative antimalware solutions for Linux VMs in Azure.
  • If possible, provide links or references to recommended antimalware solutions for Linux on Azure, such as third-party extensions or Microsoft Defender for Endpoint (Linux).
  • Where PowerShell is used for automation, suggest or provide equivalent Azure CLI or REST API examples, which are cross-platform and usable from Linux.
  • Add a section comparing antimalware options for both Windows and Linux in Azure, with guidance on how to achieve similar protection and monitoring on Linux VMs.
  • Ensure that all tooling and configuration guidance is inclusive of both Windows and Linux users, or clearly indicate when a feature is Windows-only.
GitHub Create Pull Request
Previous Page 8 of 16 Next