Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 146 matching terms. Narrow the search to reduce the list.
Web
premium
App Service authentication provider
An identity provider configured in App Service Authentication, such as Microsoft Entra ID, that handles user sign-in for the app. It helps learners understand where the concept appears in Azure operations and what to verify before changing it.
App Service
intermediate
5 commands
Aliases: app service authentication provider, authentication provider
Quick peek
Open full term page
Databases
premium
Azure SQL Microsoft Entra authentication
A database capability or setting in Azure SQL Database that helps teams store, query, scale, secure, and recover application data with clearer ownership, safety, and operational context.
Azure SQL Database
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Kerberos authentication for Azure Files
Kerberos authentication for Azure Files is the identity-based SMB authentication option that lets Azure file shares use Kerberos with a supported directory identity source instead of only storage keys or SAS.
Azure Files
advanced
5 commands
Aliases: Azure Files Kerberos, Microsoft Entra Kerberos for Azure Files, identity-based authentication for Azure Files, SMB Kerberos Azure Files
Quick peek
Open full term page
Databases
premium
Microsoft Entra authentication for SQL
Microsoft Entra authentication for SQL is the use of Microsoft Entra identities to authenticate to Azure SQL Database, SQL Managed Instance, or related SQL resources. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Azure SQL identity
intermediate
4 commands
Aliases: Azure SQL Entra authentication, Azure AD authentication for SQL, SQL Entra auth
Quick peek
Open full term page
Identity
premium
Multifactor authentication
Multifactor authentication means a Microsoft Entra sign-in control that requires two or more verification factors before access is granted. You see it when teams protect Azure portal access, privileged roles, risky sign-ins, and sensitive applications from password-only compromise. Think of it as stronger proof of user identity during sign-in, not a replacement for least privilege or role review. It matters because the setting changes how teams design, secure, operate, and troubleshoot the workload. Before changing it in production, know the owner, dependency, evidence, expected result, and rollback path.
Access control
fundamentals
4 commands
Aliases: MFA
Quick peek
Open full term page
Databases
complete
SQL Microsoft Entra authentication
Microsoft Learn describes Microsoft Entra authentication for Azure SQL as using identities from Microsoft Entra ID to authenticate to Azure SQL Database, Azure SQL Managed Instance, Synapse SQL, and related SQL platforms. It supports users, groups, applications, and managed identities while database permissions still control authorization.
Azure SQL security and identity
intermediate
5 commands
Aliases: Azure SQL Entra authentication, Microsoft Entra authentication for Azure SQL, Azure AD authentication for SQL, Entra ID SQL authentication
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse workspace managed identity
A Synapse workspace managed identity is the workspace's own identity in Microsoft Entra ID. Instead of saving passwords, keys, or connection strings inside pipelines and notebooks, Synapse can use this identity to ask for tokens and reach trusted Azure resources. It is commonly used for Data Lake Storage, Key Vault, SQL, and linked service...
Synapse Analytics
intermediate
8 commands
Aliases: Synapse managed service identity, Synapse MSI, workspace system-assigned identity, Synapse workspace identity
Quick peek
Open full term page
Analytics
learning-path-anchor
Databricks secret scope
A named Databricks collection of secrets used to store credentials and grant controlled read or manage access to workloads.
Databricks
fundamentals
4 commands
Aliases: Databricks secrets scope, secret scope, Azure Databricks secrets
Quick peek
Open full term page
Identity
learning-path-anchor
Tenant ID
A tenant ID is the globally unique identifier for a Microsoft Entra tenant.
Microsoft Entra
fundamentals
4 commands
Aliases: Tenant ID, tenant id, Azure Tenant ID, Microsoft Entra tenant ID, directory ID, tenantId
Quick peek
Open full term page
AI and Machine Learning
learning-path-anchor
Text to speech
Text to speech in Azure AI Speech converts written text or SSML into synthesized audio using neural voices, custom voice options, language support, and APIs. Teams use it to add spoken responses to apps, contact centers, accessibility tools, devices, and media workflows while governing region, keys, networking, and quota.
Azure AI services
fundamentals
4 commands
Aliases: Text to speech, text to speech, Azure Text to speech, Microsoft Learn Text to speech, TTS, speech synthesis, Azure AI Speech synthesis, neural voices, SSML speech
Quick peek
Open full term page
Databases
premium
Azure SQL logical server
An Azure SQL logical server is a logical administrative construct for Azure SQL Database and related SQL resources. Microsoft Learn describes it as the central point for managing a collection of databases, including logins, firewall rules, auditing, threat detection policies, and failover groups.
Azure SQL Database
fundamentals
16 commands
Aliases: No aliases yet
Quick peek
Open full term page
AI and Machine Learning
command-rich
Search admin key
A search admin key is one of the generated API keys for an Azure AI Search service that allows full read-write data-plane access. It can create, update, or delete indexes, indexers, data sources, and documents, so it must be protected, rotated, and replaced with role-based access when possible.
Azure AI Search
fundamentals
5 commands
Aliases: Azure AI Search admin key, search service admin key, Azure Search API admin key, primary admin key, secondary admin key
Quick peek
Open full term page
AI and Machine Learning
premium
Azure OpenAI
Azure OpenAI provides OpenAI model capabilities through Azure resources, deployments, identity, networking, quota, and monitoring controls.
Azure OpenAI
intermediate
8 commands
Aliases: Azure OpenAI Service
Quick peek
Open full term page
Developer Tools
premium
Azure CLI
A cross-platform command-line tool for connecting to Azure and executing administrative commands on Azure resources.
Command line
fundamentals
6 commands
Aliases: az, Azure command-line interface
Quick peek
Open full term page
Integration
premium
Event subscription
An Event subscription is an Event Grid configuration that selects events from a source and delivers matching events to a destination endpoint. Teams use it to route storage, resource, custom, or partner events to the correct webhook, function, queue, topic, or event handler. It is not the event source itself, an Azure subscription, an Event Hubs consumer group, or proof that the destination successfully processed every event. In production, confirm source scope, event types, filters, endpoint URL or resource ID, authentication method, dead-letter destination, retry settings, diagnostic logs, and receiving application owner before treating the design as healthy or ready.
Event Grid
intermediate
6 commands
Aliases: Event Grid subscription, event routing subscription, event delivery subscription
Quick peek
Open full term page
Containers
premium
Event-driven scale rule
An Event-driven scale rule is a Container Apps scaling configuration that uses event-source metrics to decide how many replicas or job executions to run. Teams use it to connect queue length, event backlog, HTTP load, Kafka lag, or other scaler metadata to automatic scaling decisions. It is not the event source itself, a Kubernetes HPA object, a fixed replica count, or a complete guarantee that the application processes events correctly. In production, confirm scaler type, metadata names, authentication method, min and max replicas, polling interval, cooldown behavior, event source metrics, container revision, and downstream capacity before treating the design as.
Azure Container Apps
intermediate
6 commands
Aliases: KEDA scale rule, Container Apps event scale rule, custom scale rule
Quick peek
Open full term page
Containers
premium
External ingress
External ingress in Azure Container Apps allows traffic from outside the Container Apps environment to reach a container app endpoint. Teams use it to publish a container app to callers outside the environment, including users, APIs, webhooks, partners, or front-end gateways that need a reachable HTTPS or TCP endpoint. It is not internal-only ingress, a custom domain certificate, a network security guarantee, or proof that authentication, authorization, rate limits, and backend health are configured correctly.
Azure Container Apps
intermediate
6 commands
Aliases: external Container Apps ingress, public ingress, internet-facing ingress
Quick peek
Open full term page
Databases
premium
PostgreSQL connection string
Application configuration that identifies the PostgreSQL server, database, port, authentication method, and TLS path used by a workload.
Data platform
intermediate
6 commands
Aliases: PostgreSQL connection string, postgresql connection string, connection string, Azure Database for PostgreSQL connection string, FQDN, port 5432, port 6432
Quick peek
Open full term page
Databases
premium
PostgreSQL flexible server
The managed Azure PostgreSQL server resource that owns compute, storage, backups, networking, high availability, parameters, and databases.
PostgreSQL flexible server
fundamentals
6 commands
Aliases: PostgreSQL flexible server, postgresql flexible server, Azure Database for PostgreSQL flexible server, managed PostgreSQL, backup retention, high availability, private access
Quick peek
Open full term page
Storage
premium
Service endpoint for Storage
A service endpoint for Storage enables the Microsoft.Storage endpoint on a virtual network subnet and pairs it with storage account network rules. It lets workloads in that subnet reach Azure Storage over the Microsoft backbone while the account firewall allows only approved virtual network sources.
Storage platform
intermediate
6 commands
Aliases: Azure Storage VNet rule, Microsoft.Storage service endpoint, Service endpoint for Storage, Storage service endpoint, service endpoint for storage, service-endpoint-for-storage
Quick peek
Open full term page
Identity
premium
Service principal
A service principal is the local Microsoft Entra identity for an application or automation instance in a tenant. It represents the app for sign-in, consent, and authorization, and it can receive Azure RBAC roles or API permissions without using a human user account.
Azure identity
fundamentals
6 commands
Aliases: Microsoft Entra service principal, Service principal, application service principal, automation identity, service principal, service-principal
Quick peek
Open full term page
Containers
premium
ACR admin user
The ACR admin user is the quick username-and-password login for a registry. It can be convenient for tests, but it weakens accountability because it is shared. For production, prefer Entra identities, managed identities, tokens, or scoped access patterns.
Azure Container Registry
intermediate
5 commands
Aliases: ACR
Quick peek
Open full term page
Containers
premium
API server authorized IP ranges
API server authorized IP ranges are an AKS security setting that limits who can reach the Kubernetes control-plane endpoint. Instead of letting any public IP attempt a connection to the API server, the cluster allows only specified public CIDR ranges, such as corporate VPN, jump-host, automation,.
Azure Kubernetes Service
intermediate
5 commands
Aliases: AKS API server authorized IP ranges, authorized API server IP ranges
Quick peek
Open full term page
Identity
premium
App registration
An app registration is the identity profile for an application, not the application code itself. It tells Microsoft Entra ID how the app is allowed to sign in users or request tokens. It contains values developers copy into configuration, such as client ID, tenant, redirect URI, credentials, and permissions. When sign-in breaks, consent fails, or tokens contain the wrong audience, the app registration is often where engineers look first. It is the contract between the app, Entra ID, administrators, and downstream APIs.
Applications
fundamentals
5 commands
Aliases: Microsoft Entra app registration, application registration
Quick peek
Open full term page
Web
premium
App Service auth token store
An App Service Authentication feature that stores provider tokens for signed-in users so application code can access them through the built-in authentication flow. It helps learners understand where the concept appears in Azure operations and what to verify before changing it.
App Service
intermediate
5 commands
Aliases: app service auth token store, auth token store
Quick peek
Open full term page
AI and Machine Learning
premium
Azure OpenAI managed identity
Azure OpenAI managed identity uses Microsoft Entra identities so Azure workloads can call model endpoints without stored keys.
Azure OpenAI
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
Azure SQL Database
Azure SQL Database is a fully managed relational database service in Azure that provides SQL Server-compatible engines as single databases, elastic pools, and serverless or provisioned compute choices. Microsoft Learn presents it as platform as a service with built-in availability, backups, patching, scaling, and security integration.
Database
intermediate
5 commands
Aliases: Azure SQL DB, Azure SQL Database, Azure SQL pooled database, Azure SQL single database, SQL Database
Quick peek
Open full term page
Identity
premium
Azure tenant
An Azure tenant is the Microsoft Entra directory that provides identity and access management for users, groups, applications, service principals, devices, and Azure resources associated with an organization.
Azure identity
fundamentals
5 commands
Aliases: tenant, Microsoft Entra tenant, tenant ID
Quick peek
Open full term page
AI and Machine Learning
premium
Chat completion
A AI platform capability in Azure OpenAI that helps teams build, secure, observe, and govern intelligent applications with clearer ownership, safety, and operational context.
Azure OpenAI
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Integration
premium
Event Grid event handler
Event Grid event handler is the destination endpoint or Azure service that receives matching events from an Event Grid event subscription and acts on them. In Azure, it shows up when an event-driven workflow needs a function, logic app, webhook, queue, topic, event hub, storage queue, relay connection, or namespace topic to process events. Teams use it to review handler type, endpoint URL or resource ID, authentication method, validation handshake, managed identity permissions, retry behavior, dead-lettering, monitoring, and scaling plan before changing production behavior. It is not the event publisher, Event Grid topic, event schema, or the business event itself.
Event routing
fundamentals
5 commands
Aliases: Event Grid handler, Event Grid destination
Quick peek
Open full term page
Integration
premium
Event Hubs private endpoint
An Event Hubs private endpoint is a Private Link network interface that lets clients reach an Event Hubs namespace through a private IP address in a virtual network. Teams use it to keep Event Hubs traffic on private network paths and restrict namespace access from public internet routes. It is not an outbound connection from Event Hubs into your subnet, a substitute for authentication, or a guarantee that every Azure service can still reach the namespace.
Event Hubs
intermediate
5 commands
Aliases: Private Link for Event Hubs, Event Hubs Private Link, private endpoint connection
Quick peek
Open full term page
AI and Machine Learning
premium
Inference endpoint
Inference endpoint is the Azure concept that controls how applications invoke deployed machine learning models securely, reliably, and measurably in Azure. Teams see it when working with azure machine learning online endpoints, batch endpoints. It is not a model artifact, a training job, an Azure OpenAI deployment, or an application API gateway by itself; that distinction matters because bad assumptions create failed predictions, public exposure. Use the term when reviewing ownership, access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same resource, setting, or behavior.
Azure Machine Learning
Intermediate
5 commands
Aliases: ML inference endpoint, online endpoint, managed online endpoint, batch endpoint, scoring endpoint
Quick peek
Open full term page
AI and Machine Learning
premium
Input token
Input token controls how much information an AI request can send to the model and how that request consumes quota, cost, latency, and context capacity. Teams see it in azure openai requests, chat completions. It is not an output token, API key, authentication token, session token, or tokenizer algorithm; confusing them can create truncated prompts, high cost. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Azure OpenAI
Fundamentals
5 commands
Aliases: prompt token, input tokens, request tokens, model input token, context input token
Quick peek
Open full term page
AI and Machine Learning
premium
Integrated vectorization
Integrated vectorization controls how Azure AI Search creates and uses embeddings inside indexing and query pipelines so applications can run vector or hybrid search without external embedding glue code. Teams see it in azure ai search indexes, skillsets. It is not manual offline embedding generation, plain keyword search, semantic ranking alone, a vector index without a vectorizer, or a model fine-tuning job; confusing them can create dimension mismatches, failed indexer runs. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Azure AI Search
Advanced
5 commands
Aliases: Azure AI Search integrated vectorization, query-time vectorization, indexer vectorization, vectorizer, embedding skill
Quick peek
Open full term page
Security
premium
Key Vault
Azure Key Vault is a cloud service for storing and controlling access to secrets, keys, and certificates. It helps applications, administrators, and automation protect sensitive values with encryption, access control, logging, purge protection, private networking, and managed integration across Azure workloads.
Secrets and keys
Fundamentals
5 commands
Aliases: Key Vault, Azure Key Vault, vault, secrets store, certificate vault, secure secrets store, key vault resource
Quick peek
Open full term page
AI and Machine Learning
premium
Knowledge source
Knowledge source controls which indexed or remote content an agentic retrieval workflow can query before ranking and returning grounding material to an AI application. Teams see it in knowledge base definitions, azure ai search services. It is not a search index, data source connection, knowledge store, vectorizer, skillset, or generic document library; confusing them can create ungrounded answers, wrong content source. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Azure AI Search
Intermediate
5 commands
Aliases: Azure AI Search knowledge source, agentic retrieval knowledge source, indexed knowledge source, remote knowledge source
Quick peek
Open full term page
Containers
premium
kubeconfig
kubeconfig is the client configuration that tells kubectl and related tools which Kubernetes cluster, user credential, context, and namespace to use. Microsoft Learn describes AKS access through credentials retrieved with az aks get-credentials, where context selection determines which cluster receives operational commands.
AKS access and administration
Intermediate
5 commands
Aliases: Kubernetes config file, AKS kubeconfig, kubectl configuration, cluster credentials
Quick peek
Open full term page
Web
premium
Local Git deployment
Microsoft Learn describes Local Git deployment for App Service as a method for deploying code from a Git repository on a local computer to an app-hosted Git endpoint. It requires deployment credentials and Source Control Manager basic authentication. Operators should review it with the connected Azure resource settings.
App Service
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
PostgreSQL firewall rule
A public-network access rule that permits a specific IPv4 range to reach an Azure Database for PostgreSQL flexible server.
PostgreSQL flexible server
intermediate
5 commands
Aliases: PostgreSQL firewall rule, postgresql firewall rule, Azure PostgreSQL firewall, public access, IPv4 allowlist, source IP, start IP address
Quick peek
Open full term page
Integration
premium
Service Bus managed identity
Service Bus managed identity means using Microsoft Entra managed identities so Azure-hosted applications can access Service Bus without stored credentials. Applications receive RBAC roles such as Data Sender or Data Receiver, while Service Bus namespace identities may also be assigned for service-managed scenarios such as encryption configuration.
Service Bus
fundamentals
5 commands
Aliases: Service Bus identity-based access, Service Bus Entra authentication, managed identity for Service Bus, Service Bus secretless authentication, Service Bus RBAC identity
Quick peek
Open full term page
Storage
premium
SFTP for Blob Storage
SFTP for Blob Storage is the storage-account feature that exposes blob containers to SFTP clients after hierarchical namespace is enabled. Administrators configure local users, authentication methods, home directories, and permission scopes so external or internal clients can transfer files without custom SFTP infrastructure.
Blob Storage
advanced
5 commands
Aliases: Blob Storage SFTP, SFTP for Blob Storage, SFTP landing zone, storage SFTP local user, SFTP-enabled storage account
Quick peek
Open full term page
Storage
premium
Trusted Microsoft services access
Trusted Microsoft services access is an Azure Storage firewall exception that allows selected Azure services to reach a restricted storage account when their service traffic cannot be represented by virtual network or IP rules. The services still authenticate and must be allowed for supported operations.
Azure Storage
intermediate
5 commands
Aliases: trusted Azure services access, AzureServices bypass, allow trusted Microsoft services, storage trusted services access
Quick peek
Open full term page
AI and Machine Learning
premium
Agent tool
Agent tool is a capability an agent can invoke to search, run code, query data, call APIs, or perform a configured action. In everyday Azure work, teams use it to let an agent go beyond text generation by grounding answers or carrying out controlled work. The useful evidence is tool type, configuration, authentication method, allowed
Microsoft Foundry
intermediate
4 commands
Aliases: Foundry agent tool, AI agent tool, agent built-in tool, agent custom tool
Quick peek
Open full term page
AI and Machine Learning
premium
AI connection
AI connection is a Microsoft Foundry project connection that links the project to an external or Azure resource such as models, storage, search, or services. In everyday Azure work, teams use it to let AI applications and agents use approved resources without every prototype hardcoding endpoints and credentials. The useful evidence is connection name, target
AI platform
intermediate
4 commands
Aliases: Foundry connection, AI project connection, connected resource, AI service connection
Quick peek
Open full term page
Web
premium
App Service
Azure App Service is a managed HTTP-based platform for hosting web apps, REST APIs, and mobile back ends without managing the underlying servers. It helps learners understand where the concept appears in Azure operations and what to verify before changing it.
App Service
intermediate
4 commands
Aliases: App Service, app service
Quick peek
Open full term page
AI and Machine Learning
premium
Azure AI Translator
A cloud-based machine translation service for translating text and documents across supported languages through REST APIs and client libraries.
AI services
intermediate
4 commands
Aliases: Azure Translator, Document Translation, Text Translation, Translator
Quick peek
Open full term page
Identity
premium
Conditional Access
Conditional Access is the rule system that decides what a user, workload, or agent must prove before getting into an application. It is not just an MFA switch. A policy can ask who is signing in, where the request comes from, what device is used, which app is targeted, and whether risk signals look suspicious. Then it can allow access, block it, require stronger authentication, demand a compliant device, or.
Access control
fundamentals
4 commands
Aliases: Conditional Access, Microsoft Entra Conditional Access, conditional-access, Entra Conditional Access
Quick peek
Open full term page
Identity
premium
Conditional Access policy
Require phishing-resistant or multifactor authentication for privileged administrators accessing Azure management portals.; Block or challenge risky sign-ins based on sign-in risk, user risk, unfamiliar location, or impo
Privileged access
fundamentals
4 commands
Aliases: Conditional Access policy
Quick peek
Open full term page
Databases
premium
Cosmos DB firewall
Azure Cosmos DB firewall controls inbound access to a Cosmos DB account by allowing selected IP addresses, IP ranges, Azure services, or virtual network paths.
Azure Cosmos DB
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
Cosmos DB role assignment
Cosmos DB role assignment means a binding that grants a Microsoft Entra principal a Cosmos DB data-plane role at a specific account, database, or container scope in Azure Cosmos DB. In plain English, it is the thing developers and operators check when they need to understand how data access really works. It connects the application model to least-privilege access, managed identity authentication, scope control, and auditable authorization without sharing account keys. For a production team, it turns vague database talk into a specific thing to inspect in the portal, SDK code, templates, metrics, and incident notes.
Azure Cosmos DB
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search