Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 1,970 matching terms. Narrow the search to reduce the list.
Identity
verified
RBAC
Azure role-based access control is an authorization system built on Azure Resource Manager. It grants users, groups, service principals, and managed identities specific roles at management group, subscription, resource group, resource, or environment scopes so teams can apply least privilege.
Azure identity
fundamentals
5 commands
Aliases: Azure RBAC, role-based access control, role based access control
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse Studio
Synapse Studio is the browser-based workspace experience for Azure Synapse Analytics. It exposes hubs for data, development, integration, monitoring, and management, letting users author notebooks and SQL scripts, build pipelines, configure connections, review access, and work with Git-backed or live artifacts.
Synapse Analytics
fundamentals
6 commands
Aliases: Azure Synapse Studio, Synapse web workspace, Synapse workspace UI, Synapse authoring experience
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Template spec
A template spec stores an ARM template or Bicep deployment artifact as a versioned Azure resource.
Infrastructure as code
fundamentals
5 commands
Aliases: Template spec, template spec, Azure Template spec, ARM Template spec, Azure template spec, Microsoft.Resources/templateSpecs
Quick peek
Open full term page
Analytics
premium
Databricks access connector
A first-party Azure resource that gives Azure Databricks a managed identity for Unity Catalog storage credentials and other governed service access.
Azure Databricks
intermediate
6 commands
Aliases: Access Connector for Azure Databricks, Azure Databricks access connector, Databricks managed identity connector
Quick peek
Open full term page
Identity
premium
Service principal
A service principal is the local Microsoft Entra identity for an application or automation instance in a tenant. It represents the app for sign-in, consent, and authorization, and it can receive Azure RBAC roles or API permissions without using a human user account.
Azure identity
fundamentals
6 commands
Aliases: Microsoft Entra service principal, Service principal, application service principal, automation identity, service principal, service-principal
Quick peek
Open full term page
Storage
premium
Service SAS
A service SAS is a shared access signature that delegates limited access to a specific Azure Storage service resource, such as a blob, queue, table, or file. It is signed with a storage account key and constrains permissions, resource scope, protocol, IP range, and expiry time.
Blob Storage
fundamentals
6 commands
Aliases: Azure Storage service SAS, Service SAS, service sas, service shared access signature, service-sas, storage service SAS
Quick peek
Open full term page
Security
premium
Key Vault
Azure Key Vault is a cloud service for storing and controlling access to secrets, keys, and certificates. It helps applications, administrators, and automation protect sensitive values with encryption, access control, logging, purge protection, private networking, and managed integration across Azure workloads.
Secrets and keys
Fundamentals
5 commands
Aliases: Key Vault, Azure Key Vault, vault, secrets store, certificate vault, secure secrets store, key vault resource
Quick peek
Open full term page
Security
premium
Key Vault access policy
Key Vault access policy controls which identities can read, write, list, delete, recover, sign, unwrap, or manage Key Vault objects when the vault uses policy-based access. Teams see it in key vault access policies blade, secret permissions. It is not Azure RBAC for Key Vault, a network firewall rule, a secret value, a certificate policy, or an application setting; confusing them can create overprivileged identities, broken secret retrieval. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Secrets and keys
Intermediate
5 commands
Aliases: access policy, vault access policy, Key Vault policy permissions, data-plane access policy
Quick peek
Open full term page
Storage
premium
POSIX ACL
Azure Data Lake Storage supports POSIX-like access control lists on files and directories. Each ACL entry associates a user, group, service principal, or managed identity with permissions, so fine-grained authorization can complement broader Azure RBAC roles on the storage account.
Data Lake Storage Gen2
fundamentals
5 commands
Aliases: ADLS ACL, Azure Data Lake ACL, Data Lake POSIX ACL, path ACL
Quick peek
Open full term page
Storage
premium
Trusted Microsoft services for storage
Trusted Microsoft services for Azure Storage are specific Azure services that Microsoft documents as eligible for storage firewall exceptions. Depending on the service, access may be based on tenant registration, supported operations, or managed identity authorization combined with Azure RBAC or Data Lake ACLs.
Storage platform
intermediate
5 commands
Aliases: trusted Azure services for Storage, storage trusted services list, Azure Storage trusted services, trusted services storage firewall
Quick peek
Open full term page
Storage
premium
Access ACL
An access ACL is path-level permission in ADLS Gen2. It decides who can read, write, or traverse a file or directory. It works alongside Azure RBAC, so storage access often depends on both role assignments and ACL entries.
Data Lake Storage Gen2
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Active assignment
An active assignment is privileged access that is usable immediately for its assignment period without requiring activation. In Microsoft Entra Privileged Identity Management, active assignments differ from eligible assignments, which require an activation step such as MFA, justification, or approval before privileges can be used.
Privileged access
intermediate
4 commands
Aliases: PIM active assignment, active role assignment, standing privileged assignment
Quick peek
Open full term page
Management and Governance
premium
Deny assignment
A deny assignment is an Azure authorization control that blocks specified actions at a scope even when role assignments would otherwise grant access.
Azure RBAC
intermediate
4 commands
Aliases: Azure deny assignment, RBAC deny assignment, system-protected deny assignment, Authorization deny assignment
Quick peek
Open full term page
Management and Governance
premium
Deployment stack deny settings
Deployment stack deny settings define how stack-managed resources are protected from unauthorized control-plane operations, including deny modes, excluded actions, excluded principals, and child-scope behavior.
ARM deployments
advanced
4 commands
Aliases: deploymentStacks denySettings, stack deny settings, deployment stack deny assignments, deny settings mode
Quick peek
Open full term page
Identity
premium
Directory
A directory is the Microsoft Entra identity container associated with users, groups, applications, service principals, devices, and tenant-level identity configuration.
Tenant identity
fundamentals
4 commands
Aliases: Microsoft Entra directory, tenant directory, identity directory, Azure AD directory
Quick peek
Open full term page
Identity
premium
Directory role
A directory role grants permissions to manage Microsoft Entra tenant resources such as users, groups, applications, devices, roles, and security settings.
Privileged access
intermediate
4 commands
Aliases: Microsoft Entra role, administrator role, Entra directory role, tenant administrator role
Quick peek
Open full term page
Storage
premium
Disable Shared Key authorization
Disable Shared Key authorization is a storage account setting that prevents requests from being authorized with account keys and pushes supported access toward Microsoft Entra authorization.
Storage security
intermediate
4 commands
Aliases: disallow Shared Key, AllowSharedKeyAccess false, prevent Shared Key access, disable storage account key access
Quick peek
Open full term page
Networking
premium
DNS zone
A DNS zone is an Azure DNS container for record sets that answer names under a domain. Public zones publish internet-resolvable records after registrar delegation, while private zones resolve only for linked virtual networks and support private endpoint and internal naming patterns.
DNS
fundamentals
4 commands
Aliases: Azure DNS zone, DNS zone, public DNS zone, private DNS zone, hosted zone
Quick peek
Open full term page
Identity
premium
Eligible assignment
An eligible assignment grants a user or principal the ability to activate a privileged Microsoft Entra or Azure RBAC role when needed instead of holding it permanently.
Privileged access
intermediate
4 commands
Aliases: PIM eligible assignment, eligible role assignment
Quick peek
Open full term page
Identity
premium
Log Analytics Data Reader
A Log Analytics Data Reader assignment is an Azure built-in RBAC role for letting approved users, groups, or workload identities query the Log Analytics logs they are allowed to view across workspaces and tables without granting workspace administration, table management, or broader monitoring control.
Azure RBAC
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Resource provider operation
A resource provider operation is the permission-style action string behind Azure RBAC. It describes what can be done, such as Microsoft.Storage/storageAccounts/read or Microsoft.Compute/virtualMachines/write. If access fails, these operations often explain what permission is missing.
Resource providers
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
AI and Machine Learning
premium
AI services resource
An AI services resource is the Azure resource, commonly Microsoft.CognitiveServices/accounts with kind AIServices, that provides the governance scope for AI service access, networking, billing, monitoring, keys, endpoints, model deployments, projects, and related configuration.
Azure AI services
fundamentals
3 commands
Aliases: Azure AI services resource, Foundry resource, AIServices resource, Cognitive Services account
Quick peek
Open full term page
Identity
premium
Managed identity
A managed identity is an automatically managed Microsoft Entra identity assigned to a supported Azure resource. It lets workloads authenticate to services that support Microsoft Entra authentication without storing passwords, certificates, or client secrets in code, configuration, or deployment pipelines.
Microsoft Entra workload identity
intermediate
3 commands
Aliases: Managed identity, system-assigned managed identity, user-assigned managed identity, Azure workload identity, secretless authentication, system-assigned identity, user-assigned identity, Microsoft Entra ID, Microsoft Entra workload identity
Quick peek
Open full term page
Identity
premium
Assignment managed identity
Assignment managed identity is the identity Azure Policy uses when a policy assignment must change resources during remediation. It matters most for effects such as modify and deployIfNotExists, where Policy is not just reporting non-compliance but attempting to fix or deploy something. The identity needs Azure RBAC permissions at the right scope. Without those.
Azure Policy
intermediate
2 commands
Aliases: Policy assignment identity, Azure Policy managed identity, policy remediation identity, assignment identity
Quick peek
Open full term page
Analytics
field-manual-complete
Synapse role
A Synapse role is a workspace-level RBAC permission set that controls what users, groups, managed identities, and service principals can do inside Azure Synapse Analytics. Synapse RBAC governs workspace artifacts and actions, while Azure RBAC controls management of the Azure resources.
Synapse Analytics
intermediate
8 commands
Aliases: Azure Synapse role, Synapse RBAC role, Synapse workspace role, Synapse access role
Quick peek
Open full term page
Storage
verified
Path ACL
In Azure Data Lake Storage Gen2, a path ACL is a POSIX-like access control list applied to a directory or file path. It works with Azure RBAC and ownership metadata to determine which users, groups, service principals, or managed identities can traverse, read, write, or execute data.
Data Lake Storage Gen2
intermediate
5 commands
Aliases: Data Lake path ACL, ADLS Gen2 ACL, access ACL, directory ACL, file ACL, POSIX ACL
Quick peek
Open full term page
Identity
verified
Reader role
Reader is an Azure RBAC built-in role that grants read access to Azure Resource Manager control-plane information at the assigned scope. It can view resources and metadata but cannot create, update, delete, or manage access. It does not automatically grant service data-plane read permissions.
Azure RBAC
fundamentals
4 commands
Aliases: Azure Reader role, Reader RBAC role, view-only role, Azure RBAC Reader, control-plane read role
Quick peek
Open full term page
Identity
field-manual-complete
Security group
A security group is a named set of identities that receive access together.
Identity operations
fundamentals
4 commands
Aliases: Microsoft Entra security group, Entra security group, access group
Quick peek
Open full term page
Management and Governance
premium field-manual
Management group inheritance
Management group inheritance is the way Azure governance assignments at a parent management group flow down to child groups and subscriptions. Teams use it when platform teams want policy, RBAC, and governance controls applied consistently across many subscriptions. In plain English, it gives operators a named control for centralized governance with predictable downstream scope and fewer one-off subscription changes instead of leaving the decision hidden in a portal setting, script, or deployment file. Treat it as production-ready only when the owner, dependencies, permission boundary, monitoring signal, and rollback evidence are clear.
Management groups
intermediate
4 commands
Aliases: scope inheritance, Management group inheritance, Azure Management Groups, Management groups, Azure management groups, policy assignment, role assignment, Azure management groups and Azure Policy, inherited governance, Azure management groups, Azure Policy, and Azure RBAC
Quick peek
Open full term page
Security
field-manual-complete
Least privilege
Least privilege means granting identities only the permissions required to perform their tasks, and no broader access than necessary. Microsoft Learn guidance applies this principle across Azure RBAC, data-plane permissions, privileged access, managed identities, and operational reviews to reduce attack surface and limit blast radius.
Security architecture
fundamentals
2 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Azure Policy
Azure Policy is a governance service for creating, assigning, and managing rules that evaluate Azure resources.
Azure Policy
fundamentals
7 commands
Aliases: Policy
Quick peek
Open full term page
Management and Governance
premium
Azure subscription
An Azure subscription is a management, billing, and scale unit for Azure resources.
Azure scope
fundamentals
7 commands
Aliases: subscription
Quick peek
Open full term page
Developer Tools
premium
Azure CLI
A cross-platform command-line tool for connecting to Azure and executing administrative commands on Azure resources.
Command line
fundamentals
6 commands
Aliases: az, Azure command-line interface
Quick peek
Open full term page
AI and Machine Learning
premium
Azure AI Foundry
Create a governed project boundary where AI teams can build agents, evaluations, files, and model deployments without unmanaged sprawl.; Compare, evaluate, and approve model deployments before a generative AI feature is
AI platform
fundamentals
5 commands
Aliases: AI Foundry, Microsoft Foundry, Foundry resource, Foundry project, Azure AI Foundry, azure ai foundry
Quick peek
Open full term page
Analytics
premium
Azure Databricks Unity Catalog
A unified governance layer in Azure Databricks for data and AI assets, including catalogs, schemas, tables, volumes, models, privileges, and lineage.
Data governance
intermediate
5 commands
Aliases: Unity Catalog
Quick peek
Open full term page
DevOps
premium
Azure DevOps organization
The top-level Azure DevOps Services container that connects related projects, users, repositories, pipelines, artifacts, permissions, and organization settings.
Azure DevOps
fundamentals
5 commands
Aliases: Azure DevOps org
Quick peek
Open full term page
Management and Governance
premium
Azure Lighthouse
Azure Lighthouse enables secure delegated management of Azure resources across customer tenants, supporting service providers and central teams with scalable cross-tenant governance.
Delegated resource management
advanced
5 commands
Aliases: Lighthouse, delegated resource management, Microsoft Managed Services delegation
Quick peek
Open full term page
Compute
premium
Azure Compute Gallery
A service for organizing, versioning, replicating, and sharing VM images and application packages across Azure subscriptions, tenants, and regions.
Disks and images
intermediate
4 commands
Aliases: Shared Image Gallery
Quick peek
Open full term page
Management and Governance
premium
Azure control plane
The Azure control plane is the part of Azure you use to manage resources rather than consume the application or data inside them. Microsoft Learn anchors this term in Azure control plane and data plane, but this field-manual definition is intentionally wider than an older short glossary entry because the page must teach what to inspect, what can break, who owns the decision, and which evidence proves the Azure environment is behaving as intended. In field use, start with the technical boundary: Technically, the Azure control plane is handled by.
Azure Resource Manager
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Monitoring and Observability
premium
Azure dashboard
A customizable Azure portal view for organizing resource tiles, metrics, charts, links, and operational context into private or shared dashboards.
Visualization
fundamentals
4 commands
Aliases: Azure portal dashboard, Portal dashboard
Quick peek
Open full term page
Storage
premium
Azure Storage Explorer
Azure Storage Explorer is a standalone app for Windows, macOS, and Linux that helps users connect to and manage Azure Storage data and resources through a graphical interface.
Storage tooling
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Azure Tables API
Azure Cosmos DB for Table provides an API for table-style key-value data where entities are identified by partition key and row key, supporting applications written for Azure Table storage that need premium capabilities.
Table Storage
intermediate
4 commands
Aliases: Azure Table API, Cosmos DB for Table API, Azure Table Storage API
Quick peek
Open full term page
Databases
premium
Azure SQL logical server
An Azure SQL logical server is a logical administrative construct for Azure SQL Database and related SQL resources. Microsoft Learn describes it as the central point for managing a collection of databases, including logins, firewall rules, auditing, threat detection policies, and failover groups.
Azure SQL Database
fundamentals
16 commands
Aliases: No aliases yet
Quick peek
Open full term page
AI and Machine Learning
premium
Azure OpenAI resource
An Azure OpenAI resource is the Azure control-plane boundary that hosts deployments, endpoints, access, networking, and billing context.
Azure OpenAI
fundamentals
12 commands
Aliases: No aliases yet
Quick peek
Open full term page
AI and Machine Learning
premium
Azure OpenAI Service
Azure OpenAI Service provides managed access to OpenAI model capabilities through Azure endpoints and enterprise controls.
Generative AI
fundamentals
11 commands
Aliases: Azure OpenAI
Quick peek
Open full term page
AI and Machine Learning
premium
Azure OpenAI
Azure OpenAI provides OpenAI model capabilities through Azure resources, deployments, identity, networking, quota, and monitoring controls.
Azure OpenAI
intermediate
8 commands
Aliases: Azure OpenAI Service
Quick peek
Open full term page
Developer Tools
premium
Azure PowerShell
Azure PowerShell is Microsoft’s Az module collection for managing Azure resources from PowerShell.
Command line
fundamentals
7 commands
Aliases: Az PowerShell module, Az module, Azure PowerShell, Azure PowerShell cmdlets, PowerShell for Azure
Quick peek
Open full term page
Developer Tools
premium
Azure Developer CLI
An open-source developer command-line tool that accelerates provisioning, deployment, pipeline setup, and monitoring for application resources on Azure.
Developer workflow
fundamentals
6 commands
Aliases: azd
Quick peek
Open full term page
Compute
premium
Azure Functions
Azure Functions is Azure serverless compute for running code from triggers such as HTTP requests, queues, timers, events, and service integrations without managing servers.
Serverless compute
intermediate
6 commands
Aliases: Functions, Function App, serverless functions
Quick peek
Open full term page
Containers
premium
Azure Kubernetes Service
Azure Kubernetes Service is Azure’s managed Kubernetes service for deploying, scaling, and operating containerized applications while Azure manages much of the cluster control plane.
Managed Kubernetes
advanced
6 commands
Aliases: AKS, managed Kubernetes
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search