Microsoft Threat Modeling Tool GA Release
We are excited to announce the Microsoft Threat Modeling Tool is now available to download as a supported generally available (GA) release. This release contains important privacy and security updates as well as bug fixes, feature updates, and stability improvements. Existing users of the 2017 Preview version will be prompted to update to the latest release through the ClickOnce technology upon opening the client. For new users of the tool, please click here to download the client.
With this release, we are ending support for the 2017 Preview and recommend all users of the Preview update to the GA release. On or after October 15th 2018, we will set the minimum required ClickOnce version for the Threat Modeling Tool, and all Preview clients will be required to upgrade.
The Microsoft Threat Modeling Tool 2016, which is available from the Microsoft Download Center, remains supported until October 1st, 2019 for critical security fixes only.
Azure Stencil Updates
Additional Azure stencils and their associated threats and mitigations have been added to the stencil set shipping with this release. Significant changes were made in the focus areas of “Azure App Services”, “Azure Database Offerings”, and “Azure Storage.”
OneDrive Integration Feature Removed
The “Save To OneDrive”, “Open From OneDrive”, and “Share a Link” features of the Preview have been removed. Users of OneDrive are encouraged to use Microsoft’s OneDrive for Windows client to access their files stored on OneDrive through the standard file save and open dialogs.
Notable Fixed Bugs Reported By Customers
In TMT Preview, the tool crashes when using the standard template
When a Generic stencil (e.g. “Generic Data Flow”) is added to the drawing surface and generates threats, the tool may crash. This issue has been fixed.
In TMT Preview, when I save a report or copy the threats, the risk levels are incorrect
If a user modifies the Risk level of specific threats and then saves a report or copies the risks, the risk level may revert to “High”. This issue has been fixed.
Known Issues and FAQ
Users of high-resolution screens may experience small text in the threat properties
In the Analysis View of the tool, if the user has a high-resolution screen that is set by default to magnify for readability in Windows, the “Possible Mitigation(s)” section of a threat may appear with very small text.
The user can click on the mitigation text and use the standard Windows zoom control (Crtl-Mouse Wheel Up) to increase the magnification of that section.
Files in the “Recently Opened Models” section of the main window may fail to open
The “Open From OneDrive” feature of the Preview release has been removed. Users with “Recently Opened Models” that were saved to OneDrive will receive the following error.
Users of OneDrive are encouraged to use Microsoft’s OneDrive for Windows client to access their files stored on OneDrive through the standard and “Open a model” dialog.
My organization uses the 2016 version of the tool, can I use the Azure stencil set?
Yes, you can! The Azure stencil set is available on github, and can be loaded in the 2016 version of the tool. To create a new model with the Azure stencil set, use the “Template For New Models” dialog on the main menu screen.
Note: TMT 2016 cannot render the links found in the “Possible Mitigations” fields of the Azure stencil set, therefore you may see links displayed as HTML tags.
Supported Operating Systems
- Microsoft Windows 10
- An Internet connection is required to receive updates to the tool as well as templates.
Documentation and Feedback
As always, we need your feedback! If you encounter any issues using the tool please report them to firstname.lastname@example.org. We hope you enjoy using this release!