Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 1,663 matching terms. Narrow the search to reduce the list.
Security
complete
Defender for Cloud
Microsoft Defender for Cloud is a cloud-native application protection platform that provides security posture management, recommendations, regulatory insights, and workload protection across Azure, multicloud, and DevOps environments.
Cloud security posture
beginner
4 commands
Aliases: Microsoft Defender for Cloud, Azure Defender for Cloud, MDC
Quick peek
Open full term page
Containers
premium
Defender for Containers
Microsoft Defender for Containers is a Defender for Cloud plan that provides security posture, vulnerability assessment, and threat protection for containerized assets such as Kubernetes clusters, workloads, registries, and images.
Azure Kubernetes Service
intermediate
4 commands
Aliases: Microsoft Defender for Containers, container protection plan, Defender container security
Quick peek
Open full term page
Management and Governance
premium
Cloud resource hygiene
Cloud resource hygiene is an operational governance practice for keeping Azure resources organized, tagged, owned, secured, monitored, costed, and retired when no longer needed.
Operational hygiene
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Containers
premium
Azure Container Registry
A managed private registry service for building, storing, and managing container images and OCI artifacts for container deployments.
Container images
fundamentals
5 commands
Aliases: ACR
Quick peek
Open full term page
Management and Governance
premium
Azure Lighthouse
Azure Lighthouse enables secure delegated management of Azure resources across customer tenants, supporting service providers and central teams with scalable cross-tenant governance.
Delegated resource management
advanced
5 commands
Aliases: Lighthouse, delegated resource management, Microsoft Managed Services delegation
Quick peek
Open full term page
Management and Governance
premium
Drift detection
Drift detection identifies differences between the expected configuration baseline and the actual state of resources, policies, workloads, or managed infrastructure.
Operational compliance
intermediate
5 commands
Aliases: configuration drift detection, resource drift detection, drift monitoring, infrastructure drift detection
Quick peek
Open full term page
Integration
premium
Event Hubs SAS policy
An Event Hubs SAS policy is an authorization rule with shared keys and permissions that can produce SAS tokens or connection strings for Event Hubs access. Teams use it to grant time-bound or key-based Event Hubs access when Microsoft Entra ID is not practical for a producer or consumer. It is not a managed identity, RBAC assignment, Key Vault secret by itself, or a safe replacement for least-privilege access review. In production, confirm the namespace, event hub, partitions, identity, network path, consumer groups, checkpoints, metrics, owner, and rollback plan before treating the stream design as healthy.
Event Hubs
intermediate
5 commands
Aliases: shared access signature policy, SAS authorization rule, Event Hubs access policy
Quick peek
Open full term page
Security
premium
Incident
Incident is a security or operational case that groups alerts, entities, evidence, investigation notes, and response actions around a potential issue.
SIEM and SOAR
fundamentals
5 commands
Aliases: Incident, incident
Quick peek
Open full term page
Security
premium
Just-in-time VM access
Just-in-time VM access is the Microsoft Defender for Cloud control that locks down VM management ports and opens approved inbound access only for a limited time.
Defender for Cloud
intermediate
5 commands
Aliases: JIT VM access, Defender for Cloud JIT, just in time access, JIT network access policy
Quick peek
Open full term page
Management and Governance
premium
Platform baseline
A platform baseline is the minimum set of governance, security, identity, networking, monitoring, and cost controls an Azure environment should inherit before workloads deploy. It sets standard expectations for subscriptions, landing zones, policy assignments, RBAC, logging, tags, and operational ownership across the estate.
Governance operations
fundamentals
5 commands
Aliases: Azure platform baseline, governance baseline, enterprise platform baseline
Quick peek
Open full term page
Security
premium
Secure Score
Secure Score in Microsoft Defender for Cloud is a risk-based measurement of cloud security posture. It summarizes progress against security recommendations and controls so teams can prioritize remediation, track improvement, and communicate posture across Azure and multicloud environments over time.
Cloud security posture
fundamentals
5 commands
Aliases: secure score, Defender for Cloud secure score, cloud secure score, security posture score, Microsoft Defender secure score
Quick peek
Open full term page
Management and Governance
premium
Azure Advisor
Azure Advisor is the Azure recommendation service that reviews resource configuration and usage signals, then suggests best-practice actions for healthier cloud deployments. In Azure, teams encounter it when platform teams need a prioritized backlog for cost savings, reliability fixes, security hardening, performance improvements, and operational excellence. The useful question is what behavior it proves, who
Optimization
fundamentals
4 commands
Aliases: Advisor, Azure Advisor recommendations, Advisor score
Quick peek
Open full term page
Databases
premium
Azure SQL vulnerability assessment
Azure SQL vulnerability assessment is a Defender for Cloud capability that scans Azure SQL databases for security misconfigurations, risky settings, and findings that can be reviewed and remediated.
Azure SQL Database
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Governance baseline
A governance baseline is the minimum set of policies, access controls, tags, logging, security, and compliance requirements that Azure environments must meet before workloads are trusted for production.
Governance operations
intermediate
4 commands
Aliases: Azure governance baseline, cloud governance baseline, landing zone governance baseline
Quick peek
Open full term page
Security
verified
Regulatory compliance
Regulatory compliance is the view that translates cloud security findings into standards, controls, and audit language. Instead of only saying “this storage account is misconfigured,” Defender for Cloud can show how that issue affects a benchmark or regulatory framework. For operators, it
Compliance
fundamentals
5 commands
Aliases: Defender for Cloud regulatory compliance, compliance dashboard, compliance standards, regulatory compliance standards
Quick peek
Open full term page
Compute
field-manual-complete
VM extension
A VM extension is an Azure-managed package installed through the VM agent to configure, monitor, secure, or troubleshoot a virtual machine after deployment.
Virtual Machines
fundamentals
5 commands
Aliases: Azure VM extension, virtual machine extension, VM agent extension, extension handler, custom script extension
Quick peek
Open full term page
Security
verified
Zero Trust
Zero Trust is a security strategy that assumes breach, verifies every access request explicitly, and uses least privilege to reduce blast radius. In Azure, it is implemented through identity, device, network, data, application, monitoring, governance, and threat-detection controls across environments.
Security architecture
fundamentals
5 commands
Aliases: Zero Trust architecture, Never trust always verify, Assume breach, Verify explicitly
Quick peek
Open full term page
Security
field-manual-complete
Security recommendation
A security recommendation is a prioritized instruction from Microsoft Defender for Cloud that says, in effect, this resource has a security problem worth reviewing.
Cloud security posture
fundamentals
4 commands
Aliases: Defender for Cloud recommendation, cloud security recommendation, security assessment
Quick peek
Open full term page
Security
top-250-pre130-priority-upgraded
Microsoft Sentinel
Microsoft Sentinel means Microsoft cloud SIEM and SOAR service for collecting security signals, detecting threats, investigating incidents, and automating response. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
SIEM and SOAR
fundamentals
4 commands
Aliases: Sentinel, Azure Sentinel, Microsoft Sentinel SIEM
Quick peek
Open full term page
Storage
premium
SFTP for Blob Storage
SFTP for Blob Storage is the storage-account feature that exposes blob containers to SFTP clients after hierarchical namespace is enabled. Administrators configure local users, authentication methods, home directories, and permission scopes so external or internal clients can transfer files without custom SFTP infrastructure.
Blob Storage
advanced
5 commands
Aliases: Blob Storage SFTP, SFTP for Blob Storage, SFTP landing zone, storage SFTP local user, SFTP-enabled storage account
Quick peek
Open full term page
Databases
premium
Advanced threat protection for SQL
Advanced threat protection for SQL is the Defender for SQL capability that detects anomalous and potentially harmful database activity. In everyday Azure work, teams use it to surface SQL injection attempts, unusual access, unfamiliar principals, suspicious applications, or brute-force credential patterns. The useful evidence is Defender plan state, server or database protection setting, alert recipient,
Azure SQL
intermediate
4 commands
Aliases: SQL Advanced Threat Protection, Azure SQL threat detection, Defender for SQL ATP, ATP for Azure SQL
Quick peek
Open full term page
Databases
premium
Azure Cosmos DB for NoSQL
The native document database API of Azure Cosmos DB for JSON data, SQL-like queries, partitioning, indexing, and scalable request-unit throughput.
Azure Cosmos DB
intermediate
4 commands
Aliases: Cosmos DB NoSQL API, Azure Cosmos DB SQL API
Quick peek
Open full term page
Databases
premium
Cosmos DB API for NoSQL
Native Azure Cosmos DB API for JSON items, containers, SQL-style queries, SDKs, change feed, partitioning, and request-unit based operations.
Azure Cosmos DB
intermediate
4 commands
Aliases: Azure Cosmos DB for NoSQL, API for NoSQL, Core SQL API, SQL API
Quick peek
Open full term page
Storage
premium
Cloud endpoint
In Azure File Sync, a cloud endpoint is a pointer to an Azure file share; server endpoints synchronize with the cloud endpoint, making the file share the sync hub.
Files, queues, and tables
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Developer Tools
premium
Cloud Shell
Azure Cloud Shell is a browser-based, authenticated, preconfigured shell experience for managing Azure resources with tools such as Azure CLI and Azure PowerShell.
Command line
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Cloud tiering
A storage feature or access model in Files, queues, and tables that helps teams store, protect, move, and govern application or analytics data with clearer ownership, safety, and operational context.
Files, queues, and tables
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Compute
premium
cloud-init
A Linux initialization mechanism commonly used to configure VMs during first boot.
Virtual Machines
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Integration
premium
CloudEvents schema
A integration pattern or service capability in Event routing that helps teams connect services reliably without tightly coupling every component with clearer ownership, safety, and operational context.
Event routing
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
command-rich
Cosmos DB for Apache Cassandra
Azure Cosmos DB for Apache Cassandra is a managed NoSQL database service that supports Cassandra workloads using CQL, drivers, and compatible tooling.
Data platform
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
command-rich
Cosmos DB for Apache Gremlin
Azure Cosmos DB for Apache Gremlin is a managed graph database service for storing, querying, and traversing graph data with the Gremlin language.
Data platform
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
command-rich
Cosmos DB for PostgreSQL
Azure Cosmos DB for PostgreSQL is a managed PostgreSQL service with Citus distributed tables, currently on a retirement path and not recommended for new projects.
Data platform
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
command-rich
Cosmos DB for Table
Azure Cosmos DB for Table is a managed NoSQL key-value and table API compatible with Azure Table storage SDKs and tools.
Data platform
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Analytics
premium
External file format
An External file format is a database object that describes the file type, delimiter, compression, and parsing options used to read or write external data. Teams use it to tell SQL engines how to interpret external files such as delimited text, Parquet, ORC, or compressed data before external tables and CETAS jobs use them. It is not the data source location, the external table schema, the actual lake file, or a guarantee that every file in a folder has the same structure.
Synapse SQL and data virtualization
intermediate
6 commands
Aliases: CREATE EXTERNAL FILE FORMAT, PolyBase file format, Synapse external file format
Quick peek
Open full term page
Analytics
premium
ForEach activity
A ForEach activity is an Azure Data Factory or Azure Synapse pipeline control-flow activity that iterates over a collection and executes child activities for each item. Teams use it to run repeatable pipeline steps for files, tables, partitions, API pages, customers, dates, or metadata-driven work items without manually building one activity per item. It is not a mapping data flow transformation, a guarantee of ordered execution when parallelism is enabled, a substitute for idempotent design, or a safe pattern for unlimited fan-out.
Azure Data Factory
intermediate
6 commands
Aliases: ADF ForEach activity, Azure Data Factory ForEach, Synapse ForEach activity, pipeline loop activity
Quick peek
Open full term page
Databases
premium
Foreign key
A foreign key is a column or set of columns that links rows in one table to key values in another table and helps enforce referential integrity. Teams use it to keep child records such as orders, invoices, payments, devices, or claim lines tied to valid parent records instead of allowing orphaned data to silently enter the database. It is not an index by itself, a security boundary, a substitute for business validation, or an enforced guarantee in every Azure analytics engine that can store a declared relationship.
Relational database
intermediate
6 commands
Aliases: FK, foreign key constraint, referential constraint, SQL foreign key
Quick peek
Open full term page
AI and Machine Learning
premium
Form Recognizer
Form Recognizer is the former name for Azure AI Document Intelligence, an Azure AI service that analyzes documents and extracts text, tables, layout, and structured fields. Teams use it to turn invoices, receipts, IDs, contracts, forms, and scanned documents into structured data for applications, workflow automation, search indexing, review queues, and compliance processing. It is not a human legal review, a guarantee that every extracted field is correct, a storage system for regulated documents, or a reason to skip confidence thresholds and validation logic.
Azure AI Document Intelligence
intermediate
6 commands
Aliases: Azure Form Recognizer, Azure AI Document Intelligence, Document Intelligence, Azure AI Form Recognizer
Quick peek
Open full term page
Storage
premium
Service endpoint for Storage
A service endpoint for Storage enables the Microsoft.Storage endpoint on a virtual network subnet and pairs it with storage account network rules. It lets workloads in that subnet reach Azure Storage over the Microsoft backbone while the account firewall allows only approved virtual network sources.
Storage platform
intermediate
6 commands
Aliases: Azure Storage VNet rule, Microsoft.Storage service endpoint, Service endpoint for Storage, Storage service endpoint, service endpoint for storage, service-endpoint-for-storage
Quick peek
Open full term page
Compute
premium
Accelerated networking for VM
Accelerated networking is a VM network performance feature. When the VM size and OS support it, Azure can send packets through a faster path that reduces CPU work, latency, and jitter. It is most useful for network-intensive workloads.
Virtual Machines
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
Azure Database for MySQL Flexible Server
A fully managed Azure database service for MySQL workloads with configurable compute, storage, backups, networking, maintenance, and high availability options.
Managed MySQL
intermediate
5 commands
Aliases: MySQL Flexible Server
Quick peek
Open full term page
Databases
premium
Azure Database for PostgreSQL Flexible Server
A fully managed Azure PostgreSQL service with configurable compute, storage, backups, networking, maintenance, extensions, and high availability options.
Managed PostgreSQL
intermediate
5 commands
Aliases: PostgreSQL Flexible Server
Quick peek
Open full term page
Storage
premium
Infrastructure encryption for storage
Infrastructure encryption for storage controls how Azure Storage applies optional double encryption to blobs, files, queues, or tables depending on account and scope configuration. Teams see it in storage account creation, encryption blade. It is not blob immutability, soft delete, encryption in transit, customer-managed key rotation, or disabling shared key authorization; confusing them can create storage accounts that cannot meet compliance, rebuild-only remediation. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Azure Storage Security
Intermediate
5 commands
Aliases: storage infrastructure encryption, storage account double encryption, require infrastructure encryption, double encryption for Azure Storage
Quick peek
Open full term page
Storage
premium
Kerberos authentication for Azure Files
Kerberos authentication for Azure Files is the identity-based SMB authentication option that lets Azure file shares use Kerberos with a supported directory identity source instead of only storage keys or SAS.
Azure Files
advanced
5 commands
Aliases: Azure Files Kerberos, Microsoft Entra Kerberos for Azure Files, identity-based authentication for Azure Files, SMB Kerberos Azure Files
Quick peek
Open full term page
Integration
premium
Service Bus auto-forwarding
Service Bus auto-forwarding chains a queue or subscription to another queue or topic in the same namespace. When enabled, Service Bus removes messages from the source and places them on the destination automatically, letting teams build routing topologies without a custom relay consumer inside the broker.
Messaging
intermediate
5 commands
Aliases: Service Bus forwarding, Service Bus forwardTo, auto-forwarding chain, forward dead-lettered messages
Quick peek
Open full term page
Storage
premium
SFTP for Azure Blob Storage
SFTP for Azure Blob Storage lets clients connect to a storage account through SSH File Transfer Protocol for file access, transfer, and management. It requires a supported storage account with hierarchical namespace enabled, then local users and scoped permissions control access to containers and paths.
Storage platform
intermediate
5 commands
Aliases: Azure Blob Storage SFTP, SFTP support for Azure Blob Storage, storage account SFTP, Blob SFTP endpoint, SFTP for Azure Blob Storage
Quick peek
Open full term page
Storage
premium
Trusted Microsoft services for storage
Trusted Microsoft services for Azure Storage are specific Azure services that Microsoft documents as eligible for storage firewall exceptions. Depending on the service, access may be based on tenant registration, supported operations, or managed identity authorization combined with Azure RBAC or Data Lake ACLs.
Storage platform
intermediate
5 commands
Aliases: trusted Azure services for Storage, storage trusted services list, Azure Storage trusted services, trusted services storage firewall
Quick peek
Open full term page
Integration
premium
Auto-forwarding
Auto-forwarding lets Azure Service Bus move messages from one queue or subscription to another queue or topic automatically. In plain terms, it is a built-in message handoff. A sender can keep publishing to the source entity while Service Bus forwards the message to the next entity in the chain. Teams use it to centralize processing,.
Messaging
fundamentals
4 commands
Aliases: Service Bus auto forwarding, autoforwarding, queue auto-forwarding, subscription auto-forwarding
Quick peek
Open full term page
Databases
premium
Azure Cache for Redis
A managed in-memory data store based on Redis that improves application performance by caching frequently accessed data close to workloads.
Cache
fundamentals
4 commands
Aliases: Azure Redis Cache, Redis cache, managed Redis cache
Quick peek
Open full term page
Databases
premium
Cosmos DB API for Cassandra
Managed Cosmos DB API for Cassandra-style wide-column applications using familiar Cassandra drivers, CQL concepts, and Azure Cosmos DB operations.
Azure Cosmos DB
intermediate
4 commands
Aliases: Azure Cosmos DB for Apache Cassandra, API for Cassandra, Cassandra API
Quick peek
Open full term page
Databases
premium
Cosmos DB API for Gremlin
Managed Cosmos DB graph API for relationship-heavy workloads that model data as vertices, edges, properties, and Gremlin traversals.
Azure Cosmos DB
intermediate
4 commands
Aliases: Azure Cosmos DB for Apache Gremlin, API for Gremlin, Gremlin API
Quick peek
Open full term page
Databases
premium
Cosmos DB API for MongoDB
Managed Cosmos DB API for document applications that use MongoDB-compatible drivers, tools, commands, and connection patterns.
Azure Cosmos DB
intermediate
4 commands
Aliases: Azure Cosmos DB for MongoDB, API for MongoDB, MongoDB API
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search