Microsoft Threat Modeling Tool Mac

2019-1-30  A model validation toggle feature was added to the tool's Options menu. Several links in the threat properties were updated. Minor UX changes were made to the tool's home screen. The Threat Modeling Tool now inherits the TLS settings of the host operating system and is supported in environments that require TLS 1.2 or later.

-->

Version 7.1.60126.1 of the Microsoft Threat Modeling Tool was released on January 29 2019 and contains the following changes:

  • The minimum required version of .NET has been increased to .NET 4.7.1.
  • The minimum required version of Windows has been increased to Windows 10 Anniversary Update due to the .NET dependency.
  • A model validation toggle feature has been added to the tool's Options menu.
  • Several links in the Threat Properties were updated.
  • Minor UX changes to the tool's home screen.
  • The Threat Modeling Tool now inherits the TLS settings of the host operating system and is supported in environments that require TLS 1.2 or greater.

Feature changes

Model validation option

Based on customer feedback, an option has been added to the tool to enable or disable the model validation. Previously, if your template used a single unidirectional data flow between two objects, you may have received an error message in the Messages frame stating: ObjectsName requires at least one 'Any'. Disabling model validation will prevent these warnings from showing in the view.

The option to toggle model validation on and off can be found in the File->Settings->Options menu. The default value for this setting is Disabled.

System requirements

  • Supported Operating Systems
    • Microsoft Windows 10 Anniversary Update or later
  • .NET Version Required
    • .NET 4.7.1 or later
  • Additional Requirements
    • An Internet connection is required to receive updates to the tool as well as templates.

Microsoft Threat Modeling Tool Tutorial

Known issues

Unsupported systems

Issue

Users of Windows 10 systems that are unable to install .NET 4.7.1 or later, such as Windows 10 Enterprise LTSB (version 1507), will be unable to open the tool after upgrading. These older versions of Windows are no longer supported platforms for the Threat Modeling Tool, and should not install the latest update.

Microsoft threat modeling tool

Workaround

Users of Windows 10 Enterprise LTSB (version 1507) that have installed the latest update can revert to the previous version of the Threat Modeling Tool through the uninstall dialog in Apps & Features.

Documentation and feedback

  • Documentation for the Threat Modeling Tool is located on docs.microsoft.com, and includes information about using the tool.

Next steps

Download the latest version of the Microsoft Threat Modeling Tool.

-->

The Threat Modeling Tool is a core element of the Microsoft Security Development Lifecycle (SDL). It allows software architects to identify and mitigate potential security issues early, when they are relatively easy and cost-effective to resolve. As a result, it greatly reduces the total cost of development. Also, we designed the tool with non-security experts in mind, making threat modeling easier for all developers by providing clear guidance on creating and analyzing threat models.

The tool enables anyone to:

Microsoft Threat Modeling Tool Training

  • Communicate about the security design of their systems
  • Analyze those designs for potential security issues using a proven methodology
  • Suggest and manage mitigations for security issues

Here are some tooling capabilities and innovations, just to name a few:

  • Automation: Guidance and feedback in drawing a model
  • STRIDE per Element: Guided analysis of threats and mitigations
  • Reporting: Security activities and testing in the verification phase
  • Unique Methodology: Enables users to better visualize and understand threats
  • Designed for Developers and Centered on Software: many approaches are centered on assets or attackers. We are centered on software. We build on activities that all software developers and architects are familiar with -- such as drawing pictures for their software architecture
  • Focused on Design Analysis: The term 'threat modeling' can refer to either a requirements or a design analysis technique. Sometimes, it refers to a complex blend of the two. The Microsoft SDL approach to threat modeling is a focused design analysis technique

Next steps

The table below contains important links to get you started with the Threat Modeling Tool:

StepDescription
1Download the Threat Modeling Tool
2Read Our getting started guide
3Get familiar with the features
4Learn about generated threat categories
5Find mitigations to generated threats

Resources

Here are a few older articles still relevant to threat modeling today:

Check out what a few Threat Modeling Tool experts have done: