Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 1,048 matching terms. Narrow the search to reduce the list.
Storage
premium
Access control list inheritance
ACL inheritance in ADLS Gen2 means new files and folders can receive default permissions from a parent directory. It is not a magic fix for existing data; changing a default ACL affects future children unless you also update existing paths.
Azure Storage
intermediate
4 commands
Aliases: ACL inheritance
Quick peek
Open full term page
Storage
premium
Access ACL
An access ACL is path-level permission in ADLS Gen2. It decides who can read, write, or traverse a file or directory. It works alongside Azure RBAC, so storage access often depends on both role assignments and ACL entries.
Data Lake Storage Gen2
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Conditional Access
Conditional Access is the rule system that decides what a user, workload, or agent must prove before getting into an application. It is not just an MFA switch. A policy can ask who is signing in, where the request comes from, what device is used, which app is targeted, and whether risk signals look suspicious. Then it can allow access, block it, require stronger authentication, demand a compliant device, or.
Access control
fundamentals
4 commands
Aliases: Conditional Access, Microsoft Entra Conditional Access, conditional-access, Entra Conditional Access
Quick peek
Open full term page
Analytics
learning-path-anchor
Databricks metastore
The top-level Unity Catalog container for catalogs, schemas, tables, volumes, models, functions, and governance permissions.
Databricks
intermediate
4 commands
Aliases: Unity Catalog metastore, Databricks Unity Catalog metastore, metastore
Quick peek
Open full term page
AI and Machine Learning
premium
Azure OpenAI resource
An Azure OpenAI resource is the Azure control-plane boundary that hosts deployments, endpoints, access, networking, and billing context.
Azure OpenAI
fundamentals
12 commands
Aliases: No aliases yet
Quick peek
Open full term page
AI and Machine Learning
premium
Faceted navigation
Faceted navigation is an Azure AI Search pattern where query responses include facet buckets that users select to narrow search results by fields such as category, location, price, or date. Teams use it to help users explore large result sets through visible refiners instead of typing exact terms or manually paging through every matching document. It is not a ranking algorithm, semantic answer, vector search method, access-control system, or guarantee that facet counts represent information a user is authorized to see.
Azure AI Search
intermediate
6 commands
Aliases: facets, search facets, facet navigation, Azure AI Search facets, refiners
Quick peek
Open full term page
Analytics
premium
Synapse SQL administrator
A Synapse SQL administrator is the Synapse RBAC role focused on serverless SQL access and SQL artifacts. It grants broad serverless SQL pool permissions plus create, read, update, and delete access to published SQL scripts, credentials, and linked services within a workspace.
Synapse Analytics
intermediate
6 commands
Aliases: Synapse SQL Administrator, Synapse SQL admin, SQL administrator in Synapse, Synapse SQL admin role
Quick peek
Open full term page
Web
premium
App Service auth token store
An App Service Authentication feature that stores provider tokens for signed-in users so application code can access them through the built-in authentication flow. It helps learners understand where the concept appears in Azure operations and what to verify before changing it.
App Service
intermediate
5 commands
Aliases: app service auth token store, auth token store
Quick peek
Open full term page
Containers
premium
Azure Container Registry
A managed private registry service for building, storing, and managing container images and OCI artifacts for container deployments.
Container images
fundamentals
5 commands
Aliases: ACR
Quick peek
Open full term page
Analytics
premium
Azure Databricks Unity Catalog
A unified governance layer in Azure Databricks for data and AI assets, including catalogs, schemas, tables, volumes, models, privileges, and lineage.
Data governance
intermediate
5 commands
Aliases: Unity Catalog
Quick peek
Open full term page
Storage
premium
Data Lake path ACL
A Data Lake path ACL is the access control list applied to a file or directory path in Azure Data Lake Storage Gen2 for fine-grained permissions.
Data Lake Storage Gen2
intermediate
5 commands
Aliases: ADLS path ACL, Data Lake path access control, path access control list, data-lake-path-ac
Quick peek
Open full term page
Storage
premium
General-purpose v2 storage account
General-purpose v2 storage account is an Azure Storage account resource using the StorageV2 kind to host common storage services under one managed namespace. Teams use it to provide durable storage for applications while centralizing endpoints, redundancy, encryption, lifecycle management, networking, monitoring, and access control. In daily Azure work, it appears when engineers provision blob containers, file shares, queues, tables, static websites, backups, application artifacts, or Data Lake Gen2-enabled storage in a landing zone. It is not a specific blob container, an unlimited performance guarantee, an identity provider, or a safe design unless access, networking, and data protection are configured.
Storage accounts
beginner
5 commands
Aliases: Azure general-purpose v2 storage account, GPv2 storage account, StorageV2 storage account
Quick peek
Open full term page
Integration
premium
Integration account
Integration account controls where Logic Apps stores reusable B2B artifacts that workflows use to translate, validate, sign, decode, encode, or route enterprise messages. Teams see it in logic apps workflows, integration account artifacts. It is not a Logic App workflow, an Azure Storage account, an API connection, an Integration Service Environment, or a general-purpose document repository; confusing them can create failed EDI exchanges, expired certificates. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Enterprise integration
Intermediate
5 commands
Aliases: Logic Apps integration account, enterprise integration account, B2B artifact account, EDI artifact store
Quick peek
Open full term page
Security
premium
Key
Key controls how protected workloads use cryptographic material for encryption, signing, key wrapping, customer-managed keys, and regulated data protection. Teams see it in key vault keys, managed hsm keys. It is not a password, secret value, certificate, storage account key, shared access signature, or application configuration setting; confusing them can create failed encryption operations, accidental key deletion. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Secrets and cryptography
Fundamentals
5 commands
Aliases: Azure Key Vault key, cryptographic key, key object, encryption key
Quick peek
Open full term page
Security
premium
Key Vault
Azure Key Vault is a cloud service for storing and controlling access to secrets, keys, and certificates. It helps applications, administrators, and automation protect sensitive values with encryption, access control, logging, purge protection, private networking, and managed integration across Azure workloads.
Secrets and keys
Fundamentals
5 commands
Aliases: Key Vault, Azure Key Vault, vault, secrets store, certificate vault, secure secrets store, key vault resource
Quick peek
Open full term page
Storage
premium
POSIX ACL
Azure Data Lake Storage supports POSIX-like access control lists on files and directories. Each ACL entry associates a user, group, service principal, or managed identity with permissions, so fine-grained authorization can complement broader Azure RBAC roles on the storage account.
Data Lake Storage Gen2
fundamentals
5 commands
Aliases: ADLS ACL, Azure Data Lake ACL, Data Lake POSIX ACL, path ACL
Quick peek
Open full term page
Management and Governance
premium
Resource group
A resource group is an Azure Resource Manager container that holds related resources for a solution.
Azure scope
fundamentals
5 commands
Aliases: RG, Azure resource group
Quick peek
Open full term page
AI and Machine Learning
premium
Azure AI Search service
Azure AI Search service is the Azure resource that hosts Azure AI Search indexes, indexers, skillsets, keys, capacity, networking, and query endpoints.
AI platform and search
intermediate
4 commands
Aliases: AI Search resource, AI Search service, Azure Search service, Search service, search service
Quick peek
Open full term page
Databases
premium
Azure SQL transparent data encryption
Azure SQL Transparent Data Encryption helps protect Azure SQL Database data, log files, and backups at rest by encrypting and decrypting database pages without requiring application changes.
Azure SQL Database
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
Cosmos DB firewall
Azure Cosmos DB firewall controls inbound access to a Cosmos DB account by allowing selected IP addresses, IP ranges, Azure services, or virtual network paths.
Azure Cosmos DB
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Default ACL
A default ACL in Azure Data Lake Storage Gen2 is an ACL entry on a directory that new child files and directories inherit when they are created under that directory.
Data Lake Storage Gen2
intermediate
4 commands
Aliases: default access control list, ADLS Gen2 default ACL, directory default ACL
Quick peek
Open full term page
Management and Governance
premium
Deployment stack
A deployment stack is an Azure Resource Manager resource that manages a group of resources deployed from a Bicep or ARM template, including lifecycle tracking, unmanaged-resource handling, and optional deny settings.
Infrastructure as code
intermediate
4 commands
Aliases: Azure deployment stack, Bicep deployment stack, Microsoft.Resources/deploymentStacks, ARM deployment stack
Quick peek
Open full term page
AI and Machine Learning
premium
Machine Learning component
A Machine Learning component is a reusable Azure Machine Learning pipeline building block with defined inputs, outputs, code, command, and environment. Components can be authored in YAML, Python, or designer workflows and reused across pipeline jobs to standardize training, evaluation, and deployment logic.
Machine learning
intermediate
4 commands
Aliases: Azure ML component, ML component
Quick peek
Open full term page
AI and Machine Learning
premium
Machine Learning compute instance
A Machine Learning compute instance is a managed cloud workstation inside Azure Machine Learning for notebooks, development, testing, and lightweight training. It gives one owner an integrated environment connected to the workspace, while administrators manage access, networking, schedules, and cost controls.
Machine learning
intermediate
4 commands
Aliases: Azure ML compute instance, ML compute instance
Quick peek
Open full term page
AI and Machine Learning
premium
Machine Learning data asset
A Machine Learning data asset is a named, versioned reference to data used by Azure Machine Learning jobs. It can point to files, folders, or MLTable definitions so teams can reuse training data without remembering raw storage paths. That context supports safer operational decisions.
Machine learning
intermediate
4 commands
Aliases: Azure ML data asset, ML data asset
Quick peek
Open full term page
AI and Machine Learning
premium
Machine Learning environment
A Machine Learning environment defines the software context for Azure Machine Learning training or inferencing. It captures packages, variables, Docker images, conda settings, and other runtime details so jobs can run reproducibly across compute targets. That context supports safer operational decisions.
Machine learning
intermediate
4 commands
Aliases: Azure ML environment, ML environment
Quick peek
Open full term page
AI and Machine Learning
premium
Machine Learning job
A Machine Learning job is a submitted unit of work in Azure Machine Learning, such as command, sweep, pipeline, or AutoML execution. Jobs run code on selected compute, consume inputs, produce outputs, and record logs, metrics, lineage, and status. That context supports safer operational decisions.
Machine learning
intermediate
4 commands
Aliases: Azure ML job, ML job
Quick peek
Open full term page
AI and Machine Learning
premium
Machine Learning model registry
A Machine Learning model registry organizes registered, versioned model assets in Azure Machine Learning. It helps teams track trained models, metadata, lineage, tags, versions, and deployment candidates so MLOps workflows can promote or roll back models safely. That context supports safer operational decisions.
Machine learning
advanced
4 commands
Aliases: Azure ML model registry, ML model registry
Quick peek
Open full term page
AI and Machine Learning
premium
Machine Learning workspace
A Machine Learning workspace is the top-level Azure Machine Learning resource. It centralizes jobs, logs, metrics, outputs, models, environments, components, data assets, datastores, compute references, and collaboration settings so teams can build, train, track, and deploy machine learning work. That context supports safer operational decisions.
Machine learning
fundamentals
4 commands
Aliases: Azure ML workspace, ML workspace
Quick peek
Open full term page
Identity
premium
Microsoft Entra ID
Microsoft Entra ID is the cloud identity platform that stores tenant identities and provides authentication, authorization, application registration, and access governance for Azure. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Identity platform
fundamentals
4 commands
Aliases: Entra ID, Azure Active Directory, Azure AD, AAD
Quick peek
Open full term page
Identity
premium
Multifactor authentication
Multifactor authentication means a Microsoft Entra sign-in control that requires two or more verification factors before access is granted. You see it when teams protect Azure portal access, privileged roles, risky sign-ins, and sensitive applications from password-only compromise. Think of it as stronger proof of user identity during sign-in, not a replacement for least privilege or role review. It matters because the setting changes how teams design, secure, operate, and troubleshoot the workload. Before changing it in production, know the owner, dependency, evidence, expected result, and rollback path.
Access control
fundamentals
4 commands
Aliases: MFA
Quick peek
Open full term page
Integration
premium
Service Bus SAS policy
A Service Bus SAS policy is a shared access authorization rule on a namespace, queue, or topic. It defines rights such as Send, Listen, or Manage and provides keys used to create shared access signature tokens or connection strings. for controlled access.
Service Bus
fundamentals
4 commands
Aliases: Azure Service Bus SAS policy, Service Bus shared access policy, Service Bus authorization rule
Quick peek
Open full term page
AI and Machine Learning
premium
AI services account key
An AI services account key is a secret key for a multi-service Azure AI or Microsoft Foundry resource. It can authenticate requests for supported services tied to that resource, making storage, rotation, and access control especially important.
Azure AI services
intermediate
3 commands
Aliases: multi-service account key, Foundry resource key, AIServices account key, Cognitive Services account key
Quick peek
Open full term page
Storage
field-manual-complete
Data Lake Storage Gen2
Data Lake Storage Gen2 is Azure Blob Storage with a hierarchical namespace enabled for analytics workloads. Microsoft Learn describes it as combining file-system style directories, ACLs, and large-scale throughput with Blob Storage durability, security, lifecycle, tiering, and ecosystem compatibility for big data scenarios.
Analytics storage
fundamentals
8 commands
Aliases: ADLS Gen2
Quick peek
Open full term page
Migration
verified
Recovery Services vault
A Recovery Services vault stores backup and site recovery data and configuration.
Backup and recovery
fundamentals
8 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
verified
Recursive ACL update
An Azure Data Lake Storage Gen2 operation that changes ACL entries across a directory tree instead of one path at a time.
Azure Storage
intermediate
6 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
field-manual-complete
Blob Storage
Blob Storage is Azure object storage for massive amounts of unstructured data such as documents, images, video, backups, logs, and application files.
Storage
advanced
5 commands
Aliases: Blob Storage, blob-storage, blob, blob-container, blob-access-tier, blob-soft-delete, blob-versioning, storage-account, account-sas, private-endpoint-for-storage, azure-files, data-lake-storage-gen2, queue-storage
Quick peek
Open full term page
Storage
verified
Path ACL
In Azure Data Lake Storage Gen2, a path ACL is a POSIX-like access control list applied to a directory or file path. It works with Azure RBAC and ownership metadata to determine which users, groups, service principals, or managed identities can traverse, read, write, or execute data.
Data Lake Storage Gen2
intermediate
5 commands
Aliases: Data Lake path ACL, ADLS Gen2 ACL, access ACL, directory ACL, file ACL, POSIX ACL
Quick peek
Open full term page
Identity
field-manual-complete
Privileged Identity Management
Privileged Identity Management, usually called PIM, is the Microsoft Entra feature that keeps powerful access from being permanently active unless someone really needs it.
Access control
fundamentals
5 commands
Aliases: PIM
Quick peek
Open full term page
Identity
verified
RBAC
Azure role-based access control is an authorization system built on Azure Resource Manager. It grants users, groups, service principals, and managed identities specific roles at management group, subscription, resource group, resource, or environment scopes so teams can apply least privilege.
Azure identity
fundamentals
5 commands
Aliases: Azure RBAC, role-based access control, role based access control
Quick peek
Open full term page
Databases
field-manual-complete
Transparent data encryption
Transparent data encryption helps protect Azure SQL Database, Azure SQL Managed Instance, and Azure Synapse Analytics by encrypting data, backups, and transaction logs at rest. Encryption and decryption happen in real time without requiring application changes, with service-managed or customer-managed key options.
Azure SQL
intermediate
5 commands
Aliases: TDE, SQL transparent data encryption, Azure SQL TDE, database encryption at rest, TDE protector
Quick peek
Open full term page
Analytics
field-manual-complete
Unity Catalog
Unity Catalog is Azure Databricks’ unified governance layer for data and AI assets. It centralizes access control, auditing, lineage, discovery, and classification across workspaces so teams can govern tables, views, volumes, functions, and models through a shared metastore and three-level namespace.
Azure Databricks
intermediate
5 commands
Aliases: Databricks Unity Catalog, Azure Databricks Unity Catalog, unified governance layer, Unity Catalog metastore
Quick peek
Open full term page
Storage
complete
Shared Key
An Azure Storage authorization method that signs requests with a storage account access key.
Access control
fundamentals
5 commands
Aliases: storage Shared Key, account key authorization, storage account key, Shared Key auth
Quick peek
Open full term page
Storage
complete
Shared Key authorization
A storage account access-control posture that allows or blocks requests authorized with account keys.
Storage accounts
fundamentals
5 commands
Aliases: allow Shared Key access, allowSharedKeyAccess, disable Shared Key, prevent Shared Key authorization
Quick peek
Open full term page
Integration
top-250-pre130-priority-upgraded
Event Grid
Azure Event Grid is an event routing service for building event-driven applications by connecting event sources with subscribers and handlers.
Azure Event Grid
fundamentals
4 commands
Aliases: Azure Event Grid, event grid
Quick peek
Open full term page
Storage
template-specs-upgraded
SAS token
A SAS token is a signed query string that grants temporary, constrained access to an Azure Storage resource without sharing the account key.
Access control
fundamentals
4 commands
Aliases: shared access signature, storage SAS, SAS URI, user delegation SAS, service SAS token
Quick peek
Open full term page
Identity
premium
Access package
An access package bundles resources someone may need for a job or project. Instead of asking separately for groups, apps, or sites, a user requests the package, and Entra applies approval, duration, review, and removal rules.
Identity operations
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Containers
premium
AKS ingress controller
Microsoft Learn explains AKS ingress through Kubernetes ingress resources and controllers that route HTTP or HTTPS traffic to services in a cluster. AKS application routing options can configure ingress controllers, DNS integration, TLS handling, and related networking components for production applications.
AKS networking
intermediate
5 commands
Aliases: AKS ingress, Ingress controller for AKS, Kubernetes ingress controller
Quick peek
Open full term page
Security
premium
Just-in-time VM access
Just-in-time VM access is the Microsoft Defender for Cloud control that locks down VM management ports and opens approved inbound access only for a limited time.
Defender for Cloud
intermediate
5 commands
Aliases: JIT VM access, Defender for Cloud JIT, just in time access, JIT network access policy
Quick peek
Open full term page
Security
premium
Key Vault access policy
Key Vault access policy controls which identities can read, write, list, delete, recover, sign, unwrap, or manage Key Vault objects when the vault uses policy-based access. Teams see it in key vault access policies blade, secret permissions. It is not Azure RBAC for Key Vault, a network firewall rule, a secret value, a certificate policy, or an application setting; confusing them can create overprivileged identities, broken secret retrieval. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Secrets and keys
Intermediate
5 commands
Aliases: access policy, vault access policy, Key Vault policy permissions, data-plane access policy
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search