Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 137 matching terms. Narrow the search to reduce the list.
Management and Governance
premium
Compliance scan
an Azure Policy evaluation run that checks resources against assigned policy and initiative definitions so their current compliance results can be refreshed
Azure Policy
Intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
strict-validated
Compliance state
Compliance state is the Azure Policy evaluation result that indicates whether a resource complies with assigned policy rules, is noncompliant, exempt, conflicted, or not yet evaluated.
Azure Policy
Intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Policy compliance state
Policy compliance state is the status Azure Policy reports after evaluating a resource against an assigned rule. It tells you whether the resource appears compliant, non-compliant, exempt, conflicting, or not fully known for that evaluation. This is not just a dashboard color. It is the evidence operators use to decide whether a deployment broke a rule, whether a remediation task is needed, or whether an exemption is hiding risk. A learner should connect compliance state to a specific resource, policy assignment, definition, timestamp, and scope.
Azure Policy
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Security
verified
Regulatory compliance
Regulatory compliance is the view that translates cloud security findings into standards, controls, and audit language. Instead of only saying “this storage account is misconfigured,” Defender for Cloud can show how that issue affects a benchmark or regulatory framework. For operators, it
Compliance
fundamentals
5 commands
Aliases: Defender for Cloud regulatory compliance, compliance dashboard, compliance standards, regulatory compliance standards
Quick peek
Open full term page
AI and Machine Learning
learning-path-anchor
System message
A system message is the instruction layer that tells an Azure OpenAI chat model how it should behave before it answers the user's request. It can define the assistant's role, tone, allowed sources, formatting rules, safety boundaries, and refusal behavior. It is stronger than an ordinary user message, but it is not magic and...
Azure OpenAI
fundamentals
5 commands
Aliases: system prompt, metaprompt, developer instruction, assistant instruction
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Tagging strategy
A tagging strategy is the playbook for using tags without making a mess. It answers simple but important questions: which tags are required, who owns the list, which values are allowed, where tags are applied, and what happens when a resource is missing one. Without a strategy, tags become random notes. With a strategy, tags become a dependable system for cost allocation, ownership, lifecycle cleanup, compliance evidence, and operational routing. The best strategies are small enough to follow and strict enough to m
Tags and naming
fundamentals
5 commands
Aliases: Azure tagging strategy, tag governance strategy, tag taxonomy, resource tagging standard
Quick peek
Open full term page
Management and Governance
premium
Azure Policy
Azure Policy is a governance service for creating, assigning, and managing rules that evaluate Azure resources.
Azure Policy
fundamentals
7 commands
Aliases: Policy
Quick peek
Open full term page
Databases
premium
Cosmos DB serverless account
Cosmos DB serverless account is a Cosmos DB account created with the serverless capacity mode so databases and containers are billed by consumed request units and storage. It turns serverless billing into an account-level design choice rather than a per-container toggle. You see it when teams create accounts for prototypes, seasonal apps, low-duty-cycle workloads, or services with uncertain early demand. The production check is whether the account capacity mode supports the API, scale target, compliance need, and migration plan. Document the decision in code, templates, metrics, and runbooks.
Azure Cosmos DB
intermediate
6 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Exemption
An Exemption in Azure Policy records an approved exception that excludes a resource hierarchy or individual resource from evaluation of a policy assignment. Teams use it to document a justified policy exception with scope, reason, category, expiration, and evidence instead of silently ignoring noncompliance. It is not a policy exclusion in assignment scope, a deny override, a remediation task, or permission to bypass governance without approval and review. In production, confirm assignment ID, exemption scope, category, expiration, metadata, policy definition references, approving owner, affected resources, compliance impact, and review evidence before treating the design as healthy or ready for release.
Azure Policy
intermediate
6 commands
Aliases: policy exemption, Azure Policy exemption, waiver
Quick peek
Open full term page
AI and Machine Learning
premium
Form Recognizer
Form Recognizer is the former name for Azure AI Document Intelligence, an Azure AI service that analyzes documents and extracts text, tables, layout, and structured fields. Teams use it to turn invoices, receipts, IDs, contracts, forms, and scanned documents into structured data for applications, workflow automation, search indexing, review queues, and compliance processing. It is not a human legal review, a guarantee that every extracted field is correct, a storage system for regulated documents, or a reason to skip confidence thresholds and validation logic.
Azure AI Document Intelligence
intermediate
6 commands
Aliases: Azure Form Recognizer, Azure AI Document Intelligence, Document Intelligence, Azure AI Form Recognizer
Quick peek
Open full term page
Networking
premium
Web Application Firewall
Azure Web Application Firewall is a centralized protection service for HTTP applications. It can run with Application Gateway, Front Door, Application Gateway for Containers, or Azure CDN, using managed and custom rules to detect and block common exploits such as SQL injection and cross-site scripting.
Application security
fundamentals
6 commands
Aliases: WAF, Azure WAF, Application Gateway WAF, Front Door WAF
Quick peek
Open full term page
Databases
premium
Azure SQL auditing
Azure SQL auditing tracks database events and writes audit logs to supported destinations such as storage, Log Analytics, or Event Hubs.
Azure SQL Database
fundamentals
5 commands
Aliases: Azure SQL audit logs, Azure SQL auditing, SQL auditing, database auditing
Quick peek
Open full term page
Databases
premium
Azure SQL automated backup
Azure SQL automated backup automatically protects databases and supports point-in-time restore using service-managed backup chains.
Azure SQL Database
fundamentals
5 commands
Aliases: Azure SQL automated backup, Azure SQL automatic backups, SQL automated backups, point-in-time restore backups
Quick peek
Open full term page
Identity
premium
B2B collaboration
Microsoft Entra B2B collaboration lets organizations invite external users and business partners to access applications and resources while keeping control of corporate data and access policies.
External identities
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Backup job
A backup job is an Azure Backup operation record for work such as protecting, backing up, restoring, stopping protection, or validating recovery activity in a vault.
Backup and recovery
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Backup policy
A backup policy defines when Azure Backup runs protection jobs and how long recovery points are retained for a protected workload.
Backup and recovery
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Migration
premium
Backup vault
A Backup vault is an Azure Backup storage and management entity that stores backups, recovery points, and backup policies for supported newer workloads.
Backup and recovery
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Analytics
premium
Databricks workspace Private Link
Databricks workspace Private Link is the Azure Private Link configuration that provides private connectivity paths to Azure Databricks workspace resources and related Databricks services without exposing traffic to the public internet.
Azure Databricks
advanced
5 commands
Aliases: Azure Databricks Private Link, Databricks private endpoint, workspace private endpoint, front-end Private Link
Quick peek
Open full term page
Management and Governance
premium
Drift detection
Drift detection identifies differences between the expected configuration baseline and the actual state of resources, policies, workloads, or managed infrastructure.
Operational compliance
intermediate
5 commands
Aliases: configuration drift detection, resource drift detection, drift monitoring, infrastructure drift detection
Quick peek
Open full term page
Integration
premium
Event Hubs capture
Event Hubs Capture automatically writes streaming data from an event hub to Azure Blob Storage or Azure Data Lake Storage based on configured time or size intervals. Teams use it to archive raw event streams to storage for analytics, compliance, replay, or lakehouse ingestion without writing a separate capture consumer. It is not a consumer group, a checkpoint, a data transformation job, or a guarantee that downstream analytics has already processed the archived files. In production, confirm the namespace, event hub, partitions, capacity, identity, network path, consumer group, checkpoint behavior, monitoring, and owner before treating the stream as safe.
Event Hubs
intermediate
5 commands
Aliases: Azure Event Hubs Capture, Capture Streaming Events, Event Hubs archive capture
Quick peek
Open full term page
Storage
premium
Immutable blob versioning
Immutable blob versioning is version-level immutability for Azure Blob Storage, where protected blob versions can be retained in a write-once, read-many state.
Blob Storage
intermediate
5 commands
Aliases: Immutable blob versioning, immutable blob versioning, immutable-blob-versioning
Quick peek
Open full term page
Storage
premium
Immutable storage
Immutable storage is Azure Blob Storage configured to protect data in a write-once, read-many state so it cannot be modified or deleted during a retention period.
Data protection
intermediate
5 commands
Aliases: Immutable storage, immutable storage, immutable-storage
Quick peek
Open full term page
Management and Governance
premium
Indexed mode
Indexed mode is the Azure concept that controls which Azure resources are considered during evaluation of a policy definition. Teams see it when working with azure policy definitions, policy mode field. It is not the all mode, an indexed search field, a database index, or an Azure AI Search index; that distinction matters because bad assumptions create resources not evaluated, false compliance confidence. Use the term when reviewing ownership, access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same resource, setting, or behavior.
Azure Policy
Intermediate
5 commands
Aliases: Azure Policy indexed mode, policy definition indexed mode, indexed policy mode, mode indexed
Quick peek
Open full term page
Storage
premium
Infrastructure encryption for storage
Infrastructure encryption for storage controls how Azure Storage applies optional double encryption to blobs, files, queues, or tables depending on account and scope configuration. Teams see it in storage account creation, encryption blade. It is not blob immutability, soft delete, encryption in transit, customer-managed key rotation, or disabling shared key authorization; confusing them can create storage accounts that cannot meet compliance, rebuild-only remediation. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Azure Storage Security
Intermediate
5 commands
Aliases: storage infrastructure encryption, storage account double encryption, require infrastructure encryption, double encryption for Azure Storage
Quick peek
Open full term page
Security
premium
Key Vault
Azure Key Vault is a cloud service for storing and controlling access to secrets, keys, and certificates. It helps applications, administrators, and automation protect sensitive values with encryption, access control, logging, purge protection, private networking, and managed integration across Azure workloads.
Secrets and keys
Fundamentals
5 commands
Aliases: Key Vault, Azure Key Vault, vault, secrets store, certificate vault, secure secrets store, key vault resource
Quick peek
Open full term page
Management and Governance
premium
Management group
Microsoft Learn describes management groups as governance containers above subscriptions that let organizations organize subscriptions into a hierarchy. They support unified policy, access management, and governance controls across many subscriptions instead of repeating the same assignments subscription by subscription at enterprise scale.
Azure governance
fundamentals
5 commands
Aliases: Azure management group, Management group hierarchy, MG scope
Quick peek
Open full term page
Containers
premium
Node label
A node label is a key-value marker placed on Kubernetes nodes. In AKS, labels are commonly applied at the node pool level so every node in that pool carries the same scheduling signal. Applications can then ask Kubernetes to run certain pods on nodes with matching labels. Plainly,.
Azure Kubernetes Service
intermediate
5 commands
Aliases: AKS node label, Kubernetes node label, node selector label
Quick peek
Open full term page
DevOps
premium
Pipeline in Azure DevOps
A pipeline in Azure DevOps is an automated build, test, and deployment workflow. Microsoft Learn describes Azure Pipelines as CI/CD for many languages, platforms, and targets, with YAML or classic definitions that connect source changes to repeatable delivery stages.
CI/CD
fundamentals
5 commands
Aliases: Azure Pipelines, ADO pipeline, Azure DevOps CI/CD pipeline, YAML pipeline, Azure Pipeline, DevOps pipeline
Quick peek
Open full term page
DevOps
premium
Policy as Code
Policy as Code means treating Azure guardrails like application code. Instead of clicking policies into existence one subscription at a time, teams write policy definitions, initiatives, assignments, parameters, and exemptions in files, review them in pull requests, test them in lower environments, and deploy them through pipelines. It makes governance repeatable and traceable. A learner should think of it as the difference between a shared checklist and an automated rulebook that can be versioned, approved, rolled back, and proven during audits.
Governance operations
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Policy assignment
The object that applies a policy or initiative to a management group, subscription, resource group, or resource scope.
Azure Policy
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Policy assignment enforcement mode
Policy assignment enforcement mode is the safety switch on a policy assignment. When it is Default, Azure Policy can enforce the policy effect, such as deny, modify, audit, or deployIfNotExists, during resource changes. When it is DoNotEnforce, Azure still evaluates resources for compliance, but the effect does not block or change deployments. That makes it useful for testing a new guardrail. It is not the same as deleting the assignment or using the Disabled effect, because evaluation can still show expected impact.
Azure Policy
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Policy assignment scope
Policy assignment scope answers a simple question: where does this policy apply? If a policy is assigned at a management group, subscriptions under that management group can inherit it. If it is assigned at a resource group, resources in that group are targeted. Scope is not just a label; it determines who feels the rule. Exclusions and exemptions can narrow the effect, but a broad assignment can still reach many teams. Good scope choices make governance predictable, explainable, and safer to operate.
Azure Policy
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Policy definition mode
Policy definition mode tells Azure Policy what kind of resources the policy should evaluate. The all mode evaluates resource groups, subscriptions, and resource types. The indexed mode focuses on resource types that support tags and location, which is useful for tag and location policies. Some built-in policies use resource provider modes for deeper surfaces such as Kubernetes or Key Vault data. Choosing the wrong mode can make a policy miss resources, mark the wrong resources non-compliant, or fail to behave the way authors expect.
Azure Policy
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Policy effect
A policy effect is the action Azure Policy takes after a rule matches a resource. The rule asks a question, such as whether a storage account allows public access, and the effect decides the response. Some effects only record a finding, some block the request, some add or change properties, and some deploy supporting settings later. For a learner or operator, the effect is the difference between a policy that warns, a policy that prevents drift, and a policy that actively repairs configuration.
Azure Policy
intermediate
5 commands
Aliases: Policy effect, policy-effect
Quick peek
Open full term page
Management and Governance
premium
Policy event
A policy event is a record or notification that something changed in Azure Policy evaluation. It can tell you that a resource became compliant, became non-compliant, or had a policy state created or removed. Instead of waiting for someone to refresh a portal report, teams can query policy events or route state-change events through Event Grid. For operators, this makes policy activity visible close to the time it happens, so compliance changes can trigger alerts, tickets, evidence capture, or remediation workflows.
Azure Policy
intermediate
5 commands
Aliases: Policy event, policy-event
Quick peek
Open full term page
Management and Governance
premium
Policy exemption
A policy exemption is an approved exception to an Azure Policy assignment. It says that a resource, resource group, subscription, or management group should not be evaluated by a specific policy or initiative for a documented reason. The resource still appears in compliance reporting, but the exemption explains why it is not treated like ordinary non-compliance. Exemptions are useful when a migration, vendor dependency, outage response, or compensating control makes immediate compliance unrealistic. They should be owned, time-bound, and reviewed.
Azure Policy
intermediate
5 commands
Aliases: Policy exemption, policy-exemption
Quick peek
Open full term page
Management and Governance
premium
Policy initiative
A policy initiative is a bundle of related Azure Policy definitions. Instead of assigning ten separate policies for tags, allowed regions, diagnostics, encryption, and public access, a team can group them into one initiative and assign that package to a scope. It makes a governance baseline easier to deploy, review, and explain. For learners, think of an initiative as a control set: the individual policies still do the checking, but the initiative provides the organized package, shared parameters, and management structure.
Azure Policy
intermediate
5 commands
Aliases: Policy initiative, Policy set definition, policy-initiative
Quick peek
Open full term page
Management and Governance
premium
Policy Insights
Policy Insights is where Azure Policy compliance evidence becomes queryable. Azure Policy definitions and assignments describe what should happen, but Policy Insights shows what Azure observed after evaluation. It stores state records that show current compliance and event records that show recent evaluation activity. Operators use it to answer questions such as which resources are non-compliant, which assignment is responsible, when the state changed, and whether remediation improved results. It turns policy from a static rule set into operational telemetry.
Azure Policy
intermediate
5 commands
Aliases: Policy Insights, policy-insights
Quick peek
Open full term page
Management and Governance
premium
Policy notScope
Policy notScope is the list of places where an Azure Policy assignment should not apply. Think of it as a surgical exclusion inside a larger assignment. A governance team might assign a location policy to an entire management group, then exclude a disaster recovery resource group or migration subscription that needs temporary freedom. The assignment still exists at the parent scope, but Azure Policy skips the excluded child scope during evaluation, so those resources do not appear as non-compliant for that assignment.
Azure Policy
intermediate
5 commands
Aliases: notScopes, Policy notScope, policy-not-scope
Quick peek
Open full term page
Management and Governance
premium
Policy remediation
Policy remediation is Azure Policy’s controlled repair job for resources that already exist. A deny policy can stop a bad new deployment, but it cannot automatically fix old resources. Remediation is for policies with modify or deployIfNotExists effects, such as adding required tags or deploying missing diagnostic settings. You create a remediation task, Azure finds the affected resources, and the assignment’s managed identity performs the configured change. It is governance automation, but it still needs careful scope, permission, and result review.
Azure Policy
intermediate
5 commands
Aliases: Policy remediation, policy-remediation
Quick peek
Open full term page
Management and Governance
premium
Policy state
Policy state is the evidence record behind an Azure Policy compliance result. It answers practical questions such as which resource was evaluated, which policy assignment applied, whether the resource was compliant, and when Azure last knew that result. The portal summarizes these states, but operators often query them directly through Azure CLI, REST, or Resource Graph when they need proof. Policy state is especially useful when a dashboard says “non-compliant” and the team needs to locate the exact resource, policy, scope, and reason.
Azure Policy
intermediate
5 commands
Aliases: Policy state, policy-state
Quick peek
Open full term page
Monitoring and Observability
premium
Service Health alert
A Service Health alert is an Azure Monitor activity log alert that watches ServiceHealth events for selected subscriptions, regions, and services. It routes incident, planned maintenance, security, or health advisory notifications to action groups so teams learn about platform issues before users report symptoms.
Operational hygiene
intermediate
5 commands
Aliases: Azure Service Health alert, Service Health alert, ServiceHealth activity log alert, platform health alert, service health alert, service-health-alert
Quick peek
Open full term page
Storage
premium
SFTP for Blob Storage
SFTP for Blob Storage is the storage-account feature that exposes blob containers to SFTP clients after hierarchical namespace is enabled. Administrators configure local users, authentication methods, home directories, and permission scopes so external or internal clients can transfer files without custom SFTP infrastructure.
Blob Storage
advanced
5 commands
Aliases: Blob Storage SFTP, SFTP for Blob Storage, SFTP landing zone, storage SFTP local user, SFTP-enabled storage account
Quick peek
Open full term page
Security
premium
Application Gateway WAF policy
An Application Gateway WAF policy stores Web Application Firewall configuration for Application Gateway v2. It includes managed rules, custom rules, exclusions, and policy settings, and can be associated globally, with a listener, or with a path-based rule for targeted web request inspection.
Web application firewall
intermediate
4 commands
Aliases: Application Gateway WAF policy, WAF policy for Application Gateway, Azure WAF policy, regional WAF policy
Quick peek
Open full term page
Management and Governance
premium
AuditIfNotExists effect
AuditIfNotExists effect is Azure Policy’s way to say, “this resource is allowed to exist, but something related to it is missing.” It does not deny the deployment. Instead, after the resource provider accepts a create or update, Policy checks for a companion resource or configuration, such as diagnostics, extensions, or protection.
Azure Policy
fundamentals
4 commands
Aliases: Azure Policy auditIfNotExists, audit if not exists, policy audit related resource, auditIfNotExists policy effect
Quick peek
Open full term page
Compute
premium
Automatic OS image upgrade
Automatic OS image upgrade lets Azure update the operating system image used by a virtual machine scale set as new image versions are published. In plain terms, instead of manually replacing every instance, the scale set can roll newer OS disks across the fleet in batches. It helps keep Windows and Linux scale-out workers current. The.
Virtual Machines
intermediate
4 commands
Aliases: VMSS automatic OS image upgrade, automatic OS upgrade, scale set automatic image upgrade, enable-auto-os-upgrade
Quick peek
Open full term page
Compute
premium
Availability zone
Availability zone is a physically separate zone inside an Azure region with independent datacenter infrastructure such as power, cooling, and networking. In Azure, teams encounter it when architects choose whether a workload should pin resources to one zone or spread service instances across multiple zones. The useful question is what behavior it proves, who owns
Availability
fundamentals
4 commands
Aliases: Azure availability zone, zone, zone-redundant deployment, zonal deployment
Quick peek
Open full term page
AI and Machine Learning
premium
Azure AI Language
Azure AI Language is the Azure natural-language processing service for analyzing and understanding text with prebuilt and customizable language capabilities.
AI services
intermediate
4 commands
Aliases: Azure Language, Azure Language in Foundry Tools, Azure Language service, Language in Foundry Tools, Language service
Quick peek
Open full term page
Databases
premium
Azure SQL transparent data encryption
Azure SQL Transparent Data Encryption helps protect Azure SQL Database data, log files, and backups at rest by encrypting and decrypting database pages without requiring application changes.
Azure SQL Database
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
Azure SQL vulnerability assessment
Azure SQL vulnerability assessment is a Defender for Cloud capability that scans Azure SQL databases for security misconfigurations, risky settings, and findings that can be reviewed and remediated.
Azure SQL Database
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search