Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 930 matching terms. Narrow the search to reduce the list.
Identity
field-manual-complete
User consent
User consent is the process where a signed-in user allows an application to access protected resources on the user’s behalf. In Microsoft Entra ID, tenant settings and permission policies control whether users can grant consent and which delegated permissions are allowed.
Application consent
intermediate
5 commands
Aliases: OAuth user consent, delegated consent, application consent prompt, consent grant
Quick peek
Open full term page
Identity
premium
Admin consent
Admin consent is a Microsoft Entra approval that grants an application requested permissions, often tenant-wide, to access protected resources. In everyday Azure work, teams use it to approve SaaS apps, internal applications, or multi-tenant integrations that need permissions users cannot safely grant themselves. The useful evidence is application ID, service principal, requested scopes or app
Microsoft Entra ID
intermediate
4 commands
Aliases: tenant-wide admin consent, application permission consent, Entra admin consent
Quick peek
Open full term page
Identity
premium
Application permission
An application permission is an app-only permission, also exposed as an app role, that lets a client application access a resource without a signed-in user after consent is granted.
Identity operations
fundamentals
4 commands
Aliases: application permission
Quick peek
Open full term page
Identity
premium
Enterprise application
Enterprise application properties in Microsoft Entra ID configure the organization-specific service principal settings for an application, including user assignment, single sign-on, provisioning, and ownership.
Microsoft Entra applications
intermediate
4 commands
Aliases: Entra enterprise application, service principal application, enterprise app
Quick peek
Open full term page
Identity
premium
Consent grant
the Microsoft Entra permission approval that lets an application call an API with delegated user scopes or application roles
Identity operations
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Networking
premium
Web Application Firewall
Azure Web Application Firewall is a centralized protection service for HTTP applications. It can run with Application Gateway, Front Door, Application Gateway for Containers, or Azure CDN, using managed and custom rules to detect and block common exploits such as SQL injection and cross-site scripting.
Application security
fundamentals
6 commands
Aliases: WAF, Azure WAF, Application Gateway WAF, Front Door WAF
Quick peek
Open full term page
Networking
premium
Application Gateway
Application Gateway is an Azure web traffic load balancer for HTTP and HTTPS applications. It routes requests by host name, path, listener, rule, backend pool, and health status, and can add TLS termination and Web Application Firewall controls when those features are configured.
Application delivery
fundamentals
4 commands
Aliases: Azure Application Gateway, App Gateway, regional layer 7 load balancer, HTTP application load balancer
Quick peek
Open full term page
Networking
premium
Application Gateway backend pool
the group of backend targets that an Application Gateway can forward matched requests to after a listener and routing rule select them.
Application delivery and API edge
intermediate
4 commands
Aliases: Application Gateway backend pool, application gateway backend pool
Quick peek
Open full term page
Networking
premium
Application Gateway HTTP setting
the Application Gateway backend configuration that controls how the gateway connects to backend servers for HTTP or HTTPS requests.
Application delivery and API edge
intermediate
4 commands
Aliases: Application Gateway HTTP setting, application gateway http setting
Quick peek
Open full term page
Networking
premium
Application Gateway listener
the Application Gateway component that waits for client requests on a frontend IP address, port, protocol, and optional hostname or certificate.
Application delivery and API edge
intermediate
4 commands
Aliases: Application Gateway listener, application gateway listener
Quick peek
Open full term page
Networking
premium
Application Gateway routing rule
the Application Gateway component that connects a listener to a backend pool, backend settings, redirect, or path-based routing decision.
Application delivery and API edge
intermediate
4 commands
Aliases: Application Gateway routing rule, application gateway routing rule
Quick peek
Open full term page
Security
premium
Application Gateway WAF policy
An Application Gateway WAF policy stores Web Application Firewall configuration for Application Gateway v2. It includes managed rules, custom rules, exclusions, and policy settings, and can be associated globally, with a listener, or with a path-based rule for targeted web request inspection.
Web application firewall
intermediate
4 commands
Aliases: Application Gateway WAF policy, WAF policy for Application Gateway, Azure WAF policy, regional WAF policy
Quick peek
Open full term page
Monitoring
premium
Application Insights
Application Insights is the application performance monitoring capability in Azure Monitor. It collects OpenTelemetry or SDK telemetry such as requests, dependencies, exceptions, traces, metrics, and availability results so teams can continuously understand live application health, performance, failures, and user-impacting behavior.
Application observability
fundamentals
4 commands
Aliases: Azure Application Insights, App Insights, Azure Monitor Application Insights, application performance monitoring, APM
Quick peek
Open full term page
Management and Governance
premium
Application landing zone
An application landing zone is one or more governed Azure subscriptions for a workload environment, placed under management groups so it inherits platform policies and shared services.
Landing zones
fundamentals
4 commands
Aliases: application landing zone
Quick peek
Open full term page
Management and Governance
premium
Application tag
An application tag is a resource tag key-value pair that identifies the application, product, workload, or service associated with an Azure resource.
Tags and naming
fundamentals
4 commands
Aliases: application tag
Quick peek
Open full term page
Monitoring and Observability
premium
Application Insights connection string
An Application Insights connection string specifies the Application Insights resource and endpoints that an instrumented application uses to send telemetry.
Application Insights
fundamentals
3 commands
Aliases: APPLICATIONINSIGHTS_CONNECTION_STRING, application insights connection string
Quick peek
Open full term page
Virtual Desktop Infrastructure
premium
Application group
An Azure Virtual Desktop application group controls access to a full desktop or a logical grouping of RemoteApp applications from a host pool.
Virtual desktops
fundamentals
2 commands
Aliases: application group
Quick peek
Open full term page
Monitoring and Observability
premium
Application map
Application Map is an Application Insights view that visualizes application components and dependencies using telemetry, helping teams identify bottlenecks and failure hotspots.
Application Insights
fundamentals
2 commands
Aliases: application map
Quick peek
Open full term page
Networking
premium
Application security group
An application security group lets you group virtual machine network interfaces so network security group rules can target application roles instead of explicit IP addresses.
Network security
fundamentals
2 commands
Aliases: ASG, application security group
Quick peek
Open full term page
Web
verified
Requests in application queue
Requests In Application Queue is an Azure Monitor metric for Microsoft.Web/sites that reports how many Web App or Function App requests are waiting in the application request queue. It helps diagnose saturation, slow handlers, cold starts, thread exhaustion, or delayed scale-out.
Web App metric
intermediate
6 commands
Aliases: RequestsInApplicationQueue, App Service application queue, HTTP requests in application queue, Web App request queue metric, Function App request queue metric
Quick peek
Open full term page
Storage
learning-path-anchor
Data Lake storage account
A storage feature or access model in Data Lake Storage Gen2 that helps teams store, protect, move, and govern application or analytics data with clearer ownership, safety, and operational context.
Data Lake Storage Gen2
advanced
19 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Service principal
A service principal is the local Microsoft Entra identity for an application or automation instance in a tenant. It represents the app for sign-in, consent, and authorization, and it can receive Azure RBAC roles or API permissions without using a human user account.
Azure identity
fundamentals
6 commands
Aliases: Microsoft Entra service principal, Service principal, application service principal, automation identity, service principal, service-principal
Quick peek
Open full term page
Identity
premium
App registration
An app registration is the identity profile for an application, not the application code itself. It tells Microsoft Entra ID how the app is allowed to sign in users or request tokens. It contains values developers copy into configuration, such as client ID, tenant, redirect URI, credentials, and permissions. When sign-in breaks, consent fails, or tokens contain the wrong audience, the app registration is often where engineers look first. It is the contract between the app, Entra ID, administrators, and downstream APIs.
Applications
fundamentals
5 commands
Aliases: Microsoft Entra app registration, application registration
Quick peek
Open full term page
Identity
premium
Delegated permission
A delegated permission is a Microsoft identity platform permission that lets an application act on behalf of a signed-in user, limited by both the granted permission and the user’s own access.
Identity operations
intermediate
4 commands
Aliases: OAuth delegated permission, Microsoft Graph delegated permission, user delegated permission
Quick peek
Open full term page
AI and Machine Learning
learning-path-anchor
Synonym map
A synonym map helps Azure AI Search understand that different words can mean the same thing for search. Users may type laptop, notebook, ultrabook, or a product nickname, while the indexed document uses only one of those terms. The synonym map teaches the search service to expand or rewrite the query so relevant documents...
Azure AI Search
intermediate
5 commands
Aliases: AI Search synonym map, search synonyms, synonymMaps, equivalent terms map
Quick peek
Open full term page
AI and Machine Learning
learning-path-anchor
System message
A system message is the instruction layer that tells an Azure OpenAI chat model how it should behave before it answers the user's request. It can define the assistant's role, tone, allowed sources, formatting rules, safety boundaries, and refusal behavior. It is stronger than an ordinary user message, but it is not magic and...
Azure OpenAI
fundamentals
5 commands
Aliases: system prompt, metaprompt, developer instruction, assistant instruction
Quick peek
Open full term page
Storage
learning-path-anchor
Table service endpoint
A Table service endpoint is the address your application uses when it talks to Azure Table Storage. For a normal Azure Storage account, it looks like an account-specific table URL. That address is not just a string in a connection setting; it determines DNS resolution, firewall evaluation, private endpoint routing, TLS, SDK configuration, and what operators test during an outage. If the endpoint is wrong, the table might exist and credentials might be valid, but clients still fail to connect.
Table Storage
intermediate
5 commands
Aliases: Azure Table endpoint, Table Storage endpoint, storage table endpoint, Table data-plane endpoint
Quick peek
Open full term page
Governance
learning-path-anchor
Tag name
A tag name is the label key in an Azure tag. In Environment=Prod, Environment is the tag name and Prod is the value. The name tells people and tools what question the tag answers: who owns this, what cost center pays for it, what environment is it, or what application does it support? Good tag names are short, consistent, boring, and governed. Bad tag names create duplicate categories like CostCenter, cost-center, CostCentre, and BillingCode that fracture reports.
Resource tagging
fundamentals
5 commands
Aliases: tag key, Azure tag key, resource tag name, metadata tag name
Quick peek
Open full term page
Containers
learning-path-anchor
Target port
A target port tells Azure Container Apps where to deliver traffic inside your container. Public or internal ingress may expose an endpoint, but the app still has to listen on a specific port. If the container listens on 8080 and ingress targets 80, users may see timeouts, failed probes, or gateway errors. The setting is small, but it is often the difference between the app being deployed and the app being reachable. It should match the application startup command, Dockerfile, framework port, and health probes.
Azure Container Apps
intermediate
5 commands
Aliases: container target port, Container Apps target port, ingress targetPort, container ingress port
Quick peek
Open full term page
Monitoring and Observability
learning-path-anchor
Telemetry events
Telemetry events are breadcrumbs that say something meaningful happened in an application. They are different from raw logs because they usually have a clear event name and structured properties. A checkout completed, a document uploaded, a feature flag changed, or a device registered can all be telemetry events. In Azure Monitor Application Insights, these events help teams understand behavior, investigate incidents, and measure product outcomes. Good events are intentional, consistently named, and tied to the que
Application data
advanced
5 commands
Aliases: event telemetry, custom events, Application Insights events, Azure Monitor events
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Template expression
A template expression computes values during ARM template deployment.
ARM deployments
fundamentals
5 commands
Aliases: Template expression, template expression, Azure Template expression, ARM Template expression, ARM expressions, deployment expressions
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Template function
A template function is a built-in helper used by ARM templates or Bicep to calculate values.
ARM deployments
fundamentals
5 commands
Aliases: Template function, template function, Azure Template function, ARM Template function, ARM functions, deployment functions
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Template spec version
A template spec version is a specific immutable version of a template spec.
ARM deployments
fundamentals
5 commands
Aliases: Template spec version, template spec version, Azure Template spec version, ARM Template spec version, template spec versions, Microsoft.Resources/templateSpecs/versions
Quick peek
Open full term page
Integration
premium
Contact messages
customer-facing message exchanges that an Azure Communication Services workload sends, receives, tracks, or routes for support, notification, appointment, or service workflows
Communication Services
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
learning-path-anchor
Cosmos DB continuous backup
Azure Cosmos DB continuous backup is the backup mode that supports point-in-time restore for supported Cosmos DB resources within a configured retention tier.
Azure Cosmos DB
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Analytics
learning-path-anchor
Databricks model serving
A managed serving endpoint pattern for exposing Databricks models or AI workloads for online inference with operational controls.
Databricks
intermediate
4 commands
Aliases: Databricks Model Serving, serving endpoint, model serving endpoint
Quick peek
Open full term page
Containers
learning-path-anchor
System node pool
A system node pool is the AKS worker pool that keeps the cluster itself functioning. It hosts core Kubernetes and AKS add-on pods such as DNS, networking agents, metrics, and connectivity components. You can technically run application pods there, but experienced teams avoid that because noisy workloads can starve the services that make the...
Azure Kubernetes Service
intermediate
4 commands
Aliases: AKS system pool, system mode node pool, AKS platform node pool, kube-system node pool
Quick peek
Open full term page
Identity
learning-path-anchor
System-assigned managed identity
A system-assigned managed identity lets one Azure resource authenticate without a stored password, client secret, or certificate managed by your app team. You turn it on for a resource such as a web app, function, virtual machine, data factory, or automation account. Azure creates an identity for that resource, and the resource can request...
Managed identities
intermediate
4 commands
Aliases: system assigned identity, resource managed identity, SystemAssigned identity, managed service identity
Quick peek
Open full term page
Storage
learning-path-anchor
Table batch operation
A Table batch operation lets an application change several Azure Table entities together instead of sending separate requests and hoping they all succeed. It is useful when records belong to the same partition and must stay consistent, such as a header row plus related detail rows. The important limitation is strict: the entities must...
Table Storage
intermediate
4 commands
Aliases: entity group transaction, Table Storage batch, batch transaction, partition-scoped batch
Quick peek
Open full term page
Storage
learning-path-anchor
Table schema-less design
Table schema-less design means the table gives you a consistent place to store entities, but it does not force every entity to have the same application fields. One record can have Status and ExpirationUtc while another has RetryCount and Region. The required identity fields still matter, especially PartitionKey and RowKey. The design freedom is helpful, but it is not permission to ignore data contracts. Teams still need naming rules, versioning, validation, and reader behavior for missing or older properties.
Table Storage
fundamentals
4 commands
Aliases: schema-less Table design, schemaless table design, Azure Table sparse schema, Table Storage flexible properties
Quick peek
Open full term page
AI and Machine Learning
learning-path-anchor
Text to speech
Text to speech in Azure AI Speech converts written text or SSML into synthesized audio using neural voices, custom voice options, language support, and APIs. Teams use it to add spoken responses to apps, contact centers, accessibility tools, devices, and media workflows while governing region, keys, networking, and quota.
Azure AI services
fundamentals
4 commands
Aliases: Text to speech, text to speech, Azure Text to speech, Microsoft Learn Text to speech, TTS, speech synthesis, Azure AI Speech synthesis, neural voices, SSML speech
Quick peek
Open full term page
Integration
learning-path-anchor
Throughput unit
An Event Hubs throughput unit is a capacity setting in the Standard tier that controls how much ingress and egress a namespace can handle. Operators size TUs, enable Auto-inflate, and monitor throttling so event producers and consumers keep moving data without ServerBusy errors during traffic spikes.
Event Hubs
advanced
4 commands
Aliases: Throughput unit, throughput unit, Azure Throughput unit, Microsoft Learn Throughput unit, Event Hubs TU, TUs, Event Hubs throughput units, Auto-inflate capacity
Quick peek
Open full term page
Databases
learning-path-anchor
Cosmos DB dedicated gateway
Azure Cosmos DB dedicated gateway is provisioned server-side compute that fronts an account and enables the integrated cache for supported NoSQL workloads.
Azure Cosmos DB
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
learning-path-anchor
Cosmos DB emulator
The Azure Cosmos DB emulator provides a local environment that emulates Azure Cosmos DB for development and testing without requiring a cloud account.
Azure Cosmos DB
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
Azure SQL logical server
An Azure SQL logical server is a logical administrative construct for Azure SQL Database and related SQL resources. Microsoft Learn describes it as the central point for managing a collection of databases, including logins, firewall rules, auditing, threat detection policies, and failover groups.
Azure SQL Database
fundamentals
16 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
Change feed processor
A database capability or setting in Azure Cosmos DB that helps teams store, query, scale, secure, and recover application data with clearer ownership, safety, and operational context.
Azure Cosmos DB
fundamentals
15 commands
Aliases: No aliases yet
Quick peek
Open full term page
AI and Machine Learning
command-rich
Search admin key
A search admin key is one of the generated API keys for an Azure AI Search service that allows full read-write data-plane access. It can create, update, or delete indexes, indexers, data sources, and documents, so it must be protected, rotated, and replaced with role-based access when possible.
Azure AI Search
fundamentals
5 commands
Aliases: Azure AI Search admin key, search service admin key, Azure Search API admin key, primary admin key, secondary admin key
Quick peek
Open full term page
Identity
field-manual-complete
OAuth 2.0
OAuth 2.0 is the system many Azure applications use to get permission to call an API without handing a password to that API. The application sends a user or workload through a trusted Microsoft identity flow, receives an access token, and presents that token to the resource. In practice, OAuth 2.0 explains why app registrations, scopes, consent prompts, redirect URIs, client secrets, certificates, and managed identities all show up when teams secure Azure-hosted applications.
Authentication
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
command-rich
Cosmos DB for Apache Cassandra
Azure Cosmos DB for Apache Cassandra is a managed NoSQL database service that supports Cassandra workloads using CQL, drivers, and compatible tooling.
Data platform
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
command-rich
Cosmos DB for Apache Gremlin
Azure Cosmos DB for Apache Gremlin is a managed graph database service for storing, querying, and traversing graph data with the Gremlin language.
Data platform
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search