Missing documentation on the stencils

[aschultz]

It's not clear what the difference between some stencils are and when they should be used. There's essentially no documentation here. A few examples:

• A process performs a ShellExecute to run and pass arguments to another application. Is this best modeled as a Generic Data Flow?
• A process uses a WebSocket to communicate with a server. Is this best modeled as a Binary data flow?
• When should I choose External Web Application vs. External Web Service vs. Megaservice?

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 8d20fd86-0574-fa1b-563e-1f1b571f9c11
• Version Independent ID: 3d3c31ea-b3e9-a610-dcda-4d047e20b57f
• Content: Microsoft Threat Modeling Tool - Azure
• Content Source: articles/security/azure-security-threat-modeling-tool-feature-overview.md
• Service: security
• GitHub Login: @jegeib
• Microsoft Alias: rodsan

[Mike-Ubezzi-MSFT]

@aschultz Thank you for the detailed inquiry. We are investigating and will update you when we accurate information to provide as a response.

[shueybubbles]

Along the same lines - is there a way to clearly delineate the differences between the threat model for a client application compared to the threat model for a service/web application? Which stencils are relevant for modeling an EXE vs modeling a cloud service?