Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 517 matching terms. Narrow the search to reduce the list.
Security
field-manual-complete
Security recommendation
A security recommendation is a prioritized instruction from Microsoft Defender for Cloud that says, in effect, this resource has a security problem worth reviewing.
Cloud security posture
fundamentals
4 commands
Aliases: Defender for Cloud recommendation, cloud security recommendation, security assessment
Quick peek
Open full term page
Security
complete
Defender for Cloud
Microsoft Defender for Cloud is a cloud-native application protection platform that provides security posture management, recommendations, regulatory insights, and workload protection across Azure, multicloud, and DevOps environments.
Cloud security posture
beginner
4 commands
Aliases: Microsoft Defender for Cloud, Azure Defender for Cloud, MDC
Quick peek
Open full term page
Security
premium
Secure Score
Secure Score in Microsoft Defender for Cloud is a risk-based measurement of cloud security posture. It summarizes progress against security recommendations and controls so teams can prioritize remediation, track improvement, and communicate posture across Azure and multicloud environments over time.
Cloud security posture
fundamentals
5 commands
Aliases: secure score, Defender for Cloud secure score, cloud secure score, security posture score, Microsoft Defender secure score
Quick peek
Open full term page
Management and Governance
premium
Cloud resource hygiene
Cloud resource hygiene is an operational governance practice for keeping Azure resources organized, tagged, owned, secured, monitored, costed, and retired when no longer needed.
Operational hygiene
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Cloud tiering
A storage feature or access model in Files, queues, and tables that helps teams store, protect, move, and govern application or analytics data with clearer ownership, safety, and operational context.
Files, queues, and tables
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Compute
premium
cloud-init
A Linux initialization mechanism commonly used to configure VMs during first boot.
Virtual Machines
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Integration
premium
CloudEvents schema
A integration pattern or service capability in Event routing that helps teams connect services reliably without tightly coupling every component with clearer ownership, safety, and operational context.
Event routing
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Networking
premium
Network Security Group
Network Security Group means an Azure rule set that filters inbound and outbound network traffic for subnets or network interfaces. You see it when teams restrict application ports, isolate workloads, permit administration, block unwanted traffic, or document network segmentation. Think of it as a prioritized traffic filter near the workload, not complete application security. It matters because the setting changes how teams design, secure, operate, and troubleshoot the workload. Before changing it in production, know the owner, dependency, evidence, expected result, and rollback path.
Network security
fundamentals
5 commands
Aliases: NSG
Quick peek
Open full term page
Storage
premium
Cloud endpoint
In Azure File Sync, a cloud endpoint is a pointer to an Azure file share; server endpoints synchronize with the cloud endpoint, making the file share the sync hub.
Files, queues, and tables
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Developer Tools
premium
Cloud Shell
Azure Cloud Shell is a browser-based, authenticated, preconfigured shell experience for managing Azure resources with tools such as Azure CLI and Azure PowerShell.
Command line
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Networking
premium
Application security group
An application security group lets you group virtual machine network interfaces so network security group rules can target application roles instead of explicit IP addresses.
Network security
fundamentals
2 commands
Aliases: ASG, application security group
Quick peek
Open full term page
Identity
field-manual-complete
Security group
A security group is a named set of identities that receive access together.
Identity operations
fundamentals
4 commands
Aliases: Microsoft Entra security group, Entra security group, access group
Quick peek
Open full term page
Containers
premium
Azure Container Registry
A managed private registry service for building, storing, and managing container images and OCI artifacts for container deployments.
Container images
fundamentals
5 commands
Aliases: ACR
Quick peek
Open full term page
Databases
premium
Azure SQL vulnerability assessment
Azure SQL vulnerability assessment is a Defender for Cloud capability that scans Azure SQL databases for security misconfigurations, risky settings, and findings that can be reviewed and remediated.
Azure SQL Database
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Containers
premium
Defender for Containers
Microsoft Defender for Containers is a Defender for Cloud plan that provides security posture, vulnerability assessment, and threat protection for containerized assets such as Kubernetes clusters, workloads, registries, and images.
Azure Kubernetes Service
intermediate
4 commands
Aliases: Microsoft Defender for Containers, container protection plan, Defender container security
Quick peek
Open full term page
Databases
learning-path-anchor
Table
A table is the basic place where structured data lives in a database. Each row is one record, and each column describes one attribute, such as customer ID, order date, amount, or status. In Azure, tables show up in Azure SQL Database, SQL Managed Instance, Synapse dedicated SQL pools, Fabric warehouses, PostgreSQL, MySQL, and...
Database
intermediate
4 commands
Aliases: database table, SQL table, relational table, data table
Quick peek
Open full term page
Databases
learning-path-anchor
Cosmos DB emulator
The Azure Cosmos DB emulator provides a local environment that emulates Azure Cosmos DB for development and testing without requiring a cloud account.
Azure Cosmos DB
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Security
verified
Regulatory compliance
Regulatory compliance is the view that translates cloud security findings into standards, controls, and audit language. Instead of only saying “this storage account is misconfigured,” Defender for Cloud can show how that issue affects a benchmark or regulatory framework. For operators, it
Compliance
fundamentals
5 commands
Aliases: Defender for Cloud regulatory compliance, compliance dashboard, compliance standards, regulatory compliance standards
Quick peek
Open full term page
Management and Governance
premium
Azure Policy
Azure Policy is a governance service for creating, assigning, and managing rules that evaluate Azure resources.
Azure Policy
fundamentals
7 commands
Aliases: Policy
Quick peek
Open full term page
Analytics
premium
Data Factory
Azure’s managed data integration service for creating pipelines that move, transform, schedule, and orchestrate data across cloud, SaaS, and hybrid stores.
Data integration and orchestration
Intermediate
6 commands
Aliases: Data Factory, Data Factory, data factory
Quick peek
Open full term page
Networking
premium
ExpressRoute
ExpressRoute lets organizations extend on-premises networks into Microsoft cloud services over private connectivity provided through a connectivity provider. Teams use it to connect datacenters, branches, or colocation environments to Azure with predictable private paths for workloads that need stronger latency, bandwidth, and routing control than public internet connections. It is not a VPN tunnel, a private endpoint, an internet performance guarantee, or proof that every connected application is secure, redundant, or correctly routed. In production, confirm circuit state, provider state, peering configuration, BGP routes, gateway SKU, connected virtual networks, bandwidth, metrics, DNS path, firewall path, and provider escalation details before.
Hybrid connectivity
intermediate
6 commands
Aliases: Azure ExpressRoute, ExpressRoute circuit, private Microsoft cloud connectivity
Quick peek
Open full term page
Migration
premium
Backup vault
A Backup vault is an Azure Backup storage and management entity that stores backups, recovery points, and backup policies for supported newer workloads.
Backup and recovery
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Analytics
premium
Data Factory pipeline
A logical grouping of Data Factory activities that performs a coordinated data movement, transformation, or control-flow process.
Data integration and orchestration
Intermediate
5 commands
Aliases: Data Factory pipeline, ADF pipeline, data factory pipeline
Quick peek
Open full term page
Management and Governance
premium
Drift detection
Drift detection identifies differences between the expected configuration baseline and the actual state of resources, policies, workloads, or managed infrastructure.
Operational compliance
intermediate
5 commands
Aliases: configuration drift detection, resource drift detection, drift monitoring, infrastructure drift detection
Quick peek
Open full term page
Networking
premium
Front Door
Azure Front Door is Microsoft’s global edge service for modern web applications. Microsoft Learn describes it as a cloud CDN that provides fast, reliable, and secure access to static and dynamic content through Microsoft’s global edge network worldwide.
Application delivery and API edge
intermediate
5 commands
Aliases: Azure Front Door, AFD, Azure Front Door Standard, Azure Front Door Premium, global edge
Quick peek
Open full term page
Security
premium
Incident
Incident is a security or operational case that groups alerts, entities, evidence, investigation notes, and response actions around a potential issue.
SIEM and SOAR
fundamentals
5 commands
Aliases: Incident, incident
Quick peek
Open full term page
Management and Governance
premium
Invoice section
Invoice section controls how Microsoft Customer Agreement charges are grouped on invoices so finance and engineering teams can allocate ownership and review monthly spend. Teams see it in cost management and billing portal, billing accounts. It is not an invoice model, resource group, management group, cost center tag, billing profile, subscription, or Azure Policy assignment; confusing them can create misallocated cloud spend, subscription charges on the wrong invoice group. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Cost Management and Billing
Fundamentals
5 commands
Aliases: MCA invoice section, billing invoice section, Azure invoice section, invoice grouping
Quick peek
Open full term page
Security
premium
Just-in-time VM access
Just-in-time VM access is the Microsoft Defender for Cloud control that locks down VM management ports and opens approved inbound access only for a limited time.
Defender for Cloud
intermediate
5 commands
Aliases: JIT VM access, Defender for Cloud JIT, just in time access, JIT network access policy
Quick peek
Open full term page
Security
premium
Key Vault
Azure Key Vault is a cloud service for storing and controlling access to secrets, keys, and certificates. It helps applications, administrators, and automation protect sensitive values with encryption, access control, logging, purge protection, private networking, and managed integration across Azure workloads.
Secrets and keys
Fundamentals
5 commands
Aliases: Key Vault, Azure Key Vault, vault, secrets store, certificate vault, secure secrets store, key vault resource
Quick peek
Open full term page
Management and Governance
premium
Platform baseline
A platform baseline is the minimum set of governance, security, identity, networking, monitoring, and cost controls an Azure environment should inherit before workloads deploy. It sets standard expectations for subscriptions, landing zones, policy assignments, RBAC, logging, tags, and operational ownership across the estate.
Governance operations
fundamentals
5 commands
Aliases: Azure platform baseline, governance baseline, enterprise platform baseline
Quick peek
Open full term page
Monitoring and Observability
premium
Service Health alert
A Service Health alert is an Azure Monitor activity log alert that watches ServiceHealth events for selected subscriptions, regions, and services. It routes incident, planned maintenance, security, or health advisory notifications to action groups so teams learn about platform issues before users report symptoms.
Operational hygiene
intermediate
5 commands
Aliases: Azure Service Health alert, Service Health alert, ServiceHealth activity log alert, platform health alert, service health alert, service-health-alert
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse SQL on-demand
Synapse SQL on-demand is the serverless SQL pool model in Azure Synapse Analytics. It lets teams run T-SQL queries over data in the lake without provisioning dedicated warehouse capacity, storing only metadata objects while using external data sources, views, functions, and security objects.
Synapse Analytics
fundamentals
6 commands
Aliases: SQL on-demand, Synapse serverless SQL, serverless SQL in Synapse, built-in serverless SQL pool
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse Studio
Synapse Studio is the browser-based workspace experience for Azure Synapse Analytics. It exposes hubs for data, development, integration, monitoring, and management, letting users author notebooks and SQL scripts, build pipelines, configure connections, review access, and work with Git-backed or live artifacts.
Synapse Analytics
fundamentals
6 commands
Aliases: Azure Synapse Studio, Synapse web workspace, Synapse workspace UI, Synapse authoring experience
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse workspace firewall
A Synapse workspace firewall is the IP allowlist around a Synapse workspace when it accepts public network traffic. It decides which client IPv4 ranges can attempt to connect before identity permissions are evaluated. It does not grant access by itself; a user or service still needs the right Azure, Synapse, or SQL permissions. It...
Synapse Analytics
intermediate
6 commands
Aliases: Synapse IP firewall rule, workspace firewall rule, Synapse workspace IP allowlist, Synapse public endpoint firewall
Quick peek
Open full term page
Storage
learning-path-anchor
Sync group
A sync group is the container that tells Azure File Sync which cloud file share and which Windows Server folders should stay synchronized. Think of it as one file namespace with a hub in Azure and one or more on-premises or edge locations attached to it. If two groups represent different shares or business...
Files, queues, and tables
fundamentals
6 commands
Aliases: Azure File Sync group, file sync group, sync topology, storage sync group
Quick peek
Open full term page
Databases
premium
Advanced threat protection for SQL
Advanced threat protection for SQL is the Defender for SQL capability that detects anomalous and potentially harmful database activity. In everyday Azure work, teams use it to surface SQL injection attempts, unusual access, unfamiliar principals, suspicious applications, or brute-force credential patterns. The useful evidence is Defender plan state, server or database protection setting, alert recipient,
Azure SQL
intermediate
4 commands
Aliases: SQL Advanced Threat Protection, Azure SQL threat detection, Defender for SQL ATP, ATP for Azure SQL
Quick peek
Open full term page
Management and Governance
premium
Advisor score
Advisor score is an Azure Advisor percentage score that summarizes how closely resources follow recommended best practices. In everyday Azure work, teams use it to measure improvement across cost, reliability, security, performance, and operational excellence recommendations. The useful evidence is overall score, category score, impacted resource count, potential score increase, date, aggregation level, and filtered
Azure Advisor
fundamentals
4 commands
Aliases: Azure Advisor score, best practices score, cloud optimization score
Quick peek
Open full term page
Security
premium
Application Gateway WAF policy
An Application Gateway WAF policy stores Web Application Firewall configuration for Application Gateway v2. It includes managed rules, custom rules, exclusions, and policy settings, and can be associated globally, with a listener, or with a path-based rule for targeted web request inspection.
Web application firewall
intermediate
4 commands
Aliases: Application Gateway WAF policy, WAF policy for Application Gateway, Azure WAF policy, regional WAF policy
Quick peek
Open full term page
Management and Governance
premium
Application landing zone
An application landing zone is one or more governed Azure subscriptions for a workload environment, placed under management groups so it inherits platform policies and shared services.
Landing zones
fundamentals
4 commands
Aliases: application landing zone
Quick peek
Open full term page
Management and Governance
premium
Azure Advisor
Azure Advisor is the Azure recommendation service that reviews resource configuration and usage signals, then suggests best-practice actions for healthier cloud deployments. In Azure, teams encounter it when platform teams need a prioritized backlog for cost savings, reliability fixes, security hardening, performance improvements, and operational excellence. The useful question is what behavior it proves, who
Optimization
fundamentals
4 commands
Aliases: Advisor, Azure Advisor recommendations, Advisor score
Quick peek
Open full term page
AI and Machine Learning
premium
Azure AI services
Azure AI services is the family of Azure cloud AI APIs and resources, surfaced through Foundry Tools, for vision, speech, language, translation, content, and generative scenarios.
AI services
fundamentals
4 commands
Aliases: AI services, Azure AI services account, Cognitive Services, Foundry Tools
Quick peek
Open full term page
AI and Machine Learning
premium
Azure AI Translator
A cloud-based machine translation service for translating text and documents across supported languages through REST APIs and client libraries.
AI services
intermediate
4 commands
Aliases: Azure Translator, Document Translation, Text Translation, Translator
Quick peek
Open full term page
Hybrid and Multicloud
premium
Azure Arc
A hybrid and multicloud management platform that extends Azure governance, security, operations, and services to resources running outside Azure.
Hybrid management
fundamentals
4 commands
Aliases: Arc, Arc-enabled infrastructure, Azure Arc hybrid management
Quick peek
Open full term page
Hybrid and Multicloud
premium
Azure Arc-enabled server
A Windows or Linux physical server or virtual machine outside Azure that is connected to Azure Arc and managed as an Azure resource.
Hybrid management
fundamentals
4 commands
Aliases: Arc-enabled server, Azure Arc server, connected machine, hybrid machine
Quick peek
Open full term page
Networking
premium
Azure Firewall
Azure Firewall is a managed, stateful network firewall service for filtering traffic to and from Azure virtual network resources. It helps network security and platform teams centralize traffic control, logging, and threat protection across workloads without deploying self-managed firewall appliances for every landing zone. You see it when hub-spoke networks need egress control, applications require segmentation, regulated workloads need inspection, or teams need consistent firewall policy logging. It still needs ownership, network design, monitoring, and recovery planning. Operators need repeatable evidence for deployment, protection, troubleshooting, and reviews, not screenshots or tribal knowledge.
Network security
intermediate
4 commands
Aliases: Azure network firewall
Quick peek
Open full term page
Compute
premium
Azure Update Manager
Azure Update Manager is a unified service for managing and governing operating system updates across Azure virtual machines, on-premises servers, and other cloud servers connected through Azure Arc.
Virtual Machines
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Security
premium
Data exfiltration control
A set of Azure controls that restrict, inspect, or approve where sensitive data can leave a workload, workspace, network, or tenant boundary.
Network and data protection
Intermediate
4 commands
Aliases: egress control, data exfiltration protection, approved outbound data boundary
Quick peek
Open full term page
Analytics
premium
Data Factory connector
A built-in or configured integration capability that lets Data Factory read from or write to a supported data store, SaaS application, or service endpoint.
Data integration and orchestration
Intermediate
4 commands
Aliases: Data Factory connector, ADF connector, data factory connector
Quick peek
Open full term page
Analytics
premium
Data Factory debug run
An interactive test execution used while authoring a Data Factory pipeline or data flow before publishing or triggering it in production.
Data integration and orchestration
Intermediate
4 commands
Aliases: Data Factory debug run, ADF debug run, data factory debug run
Quick peek
Open full term page
Analytics
premium
Data Factory expression language
The syntax and function set used in Data Factory to build dynamic values, reference parameters, inspect activity output, and control pipeline behavior.
Data integration and orchestration
Intermediate
4 commands
Aliases: Data Factory expression language, ADF expression language, data factory expression language
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search