Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 1,450 matching terms. Narrow the search to reduce the list.
DevOps
premium
Infrastructure deployment script
Infrastructure deployment script controls how deployment teams run imperative setup, validation, or bridge logic inside an otherwise declarative Azure infrastructure deployment. Teams see it in bicep files, arm templates. It is not a local shell script, a DevOps pipeline task, a custom script extension, or normal template declarative resource creation; confusing them can create hung deployments, leaked script output. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Infrastructure as Code
Intermediate
5 commands
Aliases: deployment script, ARM deployment script, Bicep deployment script, deploymentScripts resource, scripted IaC step
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Template spec
A template spec stores an ARM template or Bicep deployment artifact as a versioned Azure resource.
Infrastructure as code
fundamentals
5 commands
Aliases: Template spec, template spec, Azure Template spec, ARM Template spec, Azure template spec, Microsoft.Resources/templateSpecs
Quick peek
Open full term page
Management and Governance
premium
Azure subscription
An Azure subscription is a management, billing, and scale unit for Azure resources.
Azure scope
fundamentals
7 commands
Aliases: subscription
Quick peek
Open full term page
Management and Governance
premium
Bicep
Bicep is a domain-specific language for declaratively deploying Azure resources through Azure Resource Manager.
Infrastructure as code
fundamentals
5 commands
Aliases: Azure Bicep
Quick peek
Open full term page
Management and Governance
premium
What-if deployment
A what-if deployment is a preview of changes Azure Resource Manager predicts from an ARM template or Bicep file before deployment. It shows which resources would be created, modified, ignored, or deleted without applying changes, helping teams review infrastructure impact before execution.
Infrastructure as code
fundamentals
5 commands
Aliases: ARM what-if deployment, Bicep what-if deployment, deployment preview
Quick peek
Open full term page
Management and Governance
premium
ARM template
An ARM template is a JSON file that describes the Azure infrastructure you want instead of listing every portal click or command needed to build it. You declare resources, properties, parameters, dependencies, and outputs, then Azure Resource Manager works out how to create or update the environment. Microsoft Learn anchors this term in ARM templates - Azure Resource Manager, but this field-manual definition is intentionally wider than an older short glossary entry because the page must teach what to inspect, what can break, who owns the decision, and which evidence.
Infrastructure as code
fundamentals
4 commands
Aliases: Azure Resource Manager template
Quick peek
Open full term page
Management and Governance
premium
Bicep module
A Bicep module is a reusable building block for deployments. Put a common pattern, such as a storage account, network, or policy setup, in its own file, then call it from another Bicep file with parameters and outputs instead of copying code everywhere.
Bicep
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Bicep parameter file
A Bicep parameter file is where you put values that change by environment, such as names, SKUs, regions, and flags. The main Bicep file stays reusable, while each parameter file tells Azure what values to use for dev, test, or production.
Bicep
fundamentals
4 commands
Aliases: bicepparam
Quick peek
Open full term page
Management and Governance
premium
Child management group
A child management group is a branch under a parent management group. It helps organize subscriptions into smaller governance areas, while still inheriting broad rules from above. Use it when one tenant needs different policy or access boundaries for teams, business units, or environments.
Management groups
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Complete deployment mode
Complete mode is the dangerous deployment mode. At resource-group scope, it can delete resources that are not in the template. It is useful only when you truly want the template to define the full state, and it needs careful review before production use.
ARM deployments
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Deployment name
A deployment name is the label Azure uses for one ARM or Bicep rollout. It is not the resource name. It helps you find the right deployment history, check status, inspect failed operations, and connect automation logs to the change that actually ran.
ARM deployments
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Deployment output
A deployment output is what your template hands back after it runs. Instead of hunting for a generated hostname, ID, endpoint, or principal ID, you define an output and let automation read the value directly from the deployment result.
ARM deployments
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Deployment stack
A deployment stack is an Azure Resource Manager resource that manages a group of resources deployed from a Bicep or ARM template, including lifecycle tracking, unmanaged-resource handling, and optional deny settings.
Infrastructure as code
intermediate
4 commands
Aliases: Azure deployment stack, Bicep deployment stack, Microsoft.Resources/deploymentStacks, ARM deployment stack
Quick peek
Open full term page
Management and Governance
premium
Deployment variable
A deployment variable is a named value or expression in an ARM template or Bicep file used to simplify resource definitions, construct repeatable names, reuse calculated values, and reduce duplication during deployment.
ARM deployments
fundamentals
4 commands
Aliases: ARM template variable, Bicep variable, template variable, infrastructure variable
Quick peek
Open full term page
Management and Governance
field-manual-complete
Azure Resource Manager
Azure Resource Manager, often shortened to ARM, is the front door for managing Azure resources.
Azure Resource Manager
fundamentals
6 commands
Aliases: ARM
Quick peek
Open full term page
Management and Governance
verified
Quota increase request
A quota increase request asks Azure to raise a service limit for a subscription, provider, region, or resource family. Teams use it when current usage or planned deployment capacity exceeds available quota and Azure must approve or apply a higher limit.
Azure Quotas
intermediate
5 commands
Aliases: Azure quota request, quota limit increase, service limit increase
Quick peek
Open full term page
Analytics
verified
Reference data input
A reference data input is the wiring between a Stream Analytics job and the lookup data it needs. The reference data is the table or file; the input is the job setting that says where that data lives, what alias the query
Streaming analytics
fundamentals
5 commands
Aliases: Stream Analytics reference input, reference input alias, reference lookup input
Quick peek
Open full term page
Management and Governance
top-250-pre130-priority-upgraded
Deployment operation
A deployment operation is the step-by-step evidence inside a deployment. When a template fails, the deployment name tells you which rollout to inspect, and the operations show which resource action succeeded, failed, or returned the error you need to fix.
ARM deployments
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
DevOps
premium
Policy as Code
Policy as Code means treating Azure guardrails like application code. Instead of clicking policies into existence one subscription at a time, teams write policy definitions, initiatives, assignments, parameters, and exemptions in files, review them in pull requests, test them in lower environments, and deploy them through pipelines. It makes governance repeatable and traceable. A learner should think of it as the difference between a shared checklist and an automated rulebook that can be versioned, approved, rolled back, and proven during audits.
Governance operations
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Infrastructure encryption for storage
Infrastructure encryption for storage controls how Azure Storage applies optional double encryption to blobs, files, queues, or tables depending on account and scope configuration. Teams see it in storage account creation, encryption blade. It is not blob immutability, soft delete, encryption in transit, customer-managed key rotation, or disabling shared key authorization; confusing them can create storage accounts that cannot meet compliance, rebuild-only remediation. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Azure Storage Security
Intermediate
5 commands
Aliases: storage infrastructure encryption, storage account double encryption, require infrastructure encryption, double encryption for Azure Storage
Quick peek
Open full term page
Management and Governance
premium
Policy assignment enforcement mode
Policy assignment enforcement mode is the safety switch on a policy assignment. When it is Default, Azure Policy can enforce the policy effect, such as deny, modify, audit, or deployIfNotExists, during resource changes. When it is DoNotEnforce, Azure still evaluates resources for compliance, but the effect does not block or change deployments. That makes it useful for testing a new guardrail. It is not the same as deleting the assignment or using the Disabled effect, because evaluation can still show expected impact.
Azure Policy
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Policy assignment scope
Policy assignment scope answers a simple question: where does this policy apply? If a policy is assigned at a management group, subscriptions under that management group can inherit it. If it is assigned at a resource group, resources in that group are targeted. Scope is not just a label; it determines who feels the rule. Exclusions and exemptions can narrow the effect, but a broad assignment can still reach many teams. Good scope choices make governance predictable, explainable, and safer to operate.
Azure Policy
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
Cosmos DB role assignment
Cosmos DB role assignment means a binding that grants a Microsoft Entra principal a Cosmos DB data-plane role at a specific account, database, or container scope in Azure Cosmos DB. In plain English, it is the thing developers and operators check when they need to understand how data access really works. It connects the application model to least-privilege access, managed identity authentication, scope control, and auditable authorization without sharing account keys. For a production team, it turns vague database talk into a specific thing to inspect in the portal, SDK code, templates, metrics, and incident notes.
Azure Cosmos DB
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
AI and Machine Learning
premium
Code interpreter tool
An agent tool that can execute code for analysis tasks.
AI platform and search
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
learning-path-anchor
System-assigned managed identity
A system-assigned managed identity lets one Azure resource authenticate without a stored password, client secret, or certificate managed by your app team. You turn it on for a resource such as a web app, function, virtual machine, data factory, or automation account. Azure creates an identity for that resource, and the resource can request...
Managed identities
intermediate
4 commands
Aliases: system assigned identity, resource managed identity, SystemAssigned identity, managed service identity
Quick peek
Open full term page
AI and Machine Learning
premium
Assistants API
Assistants API is the older assistant-building API pattern that organizes an AI workflow around assistants, threads, messages, runs, tools, and files. It helped developers build stateful assistants without inventing every orchestration object themselves. In 2026, it should be treated as a migration-sensitive term because Azure documentation marks the classic Assistants API as deprecated and.
Azure OpenAI
intermediate
2 commands
Aliases: Azure OpenAI Assistants API, OpenAI Assistants API, classic Assistants API, Assistants API v2
Quick peek
Open full term page
Analytics
field-manual-complete
Stream Analytics no-code editor
The Stream Analytics no-code editor is a visual way to build a streaming job without typing the query yourself. You connect supported inputs, shape the data with drag-and-drop transformations, preview records, and choose outputs. Azure then creates a Stream Analytics job behind the experience. It is useful for analysts, platform teams, and engineers who need a quick, governed pipeline but do not want every small stream-processing task to become custom code. It still needs engineering review before production.
Stream Analytics
intermediate
5 commands
Aliases: Stream Analytics no-code editor, ASA no-code editor, no-code Stream Analytics, drag-and-drop Stream Analytics editor, Stream Analytics visual editor
Quick peek
Open full term page
Compute
verified
VM system-assigned identity
VM system-assigned identity is a Microsoft Entra managed identity created directly on an Azure virtual machine. Azure manages its credentials, ties its lifecycle to that VM, and lets the guest request tokens for authorized Azure resources without storing secrets in code.
Virtual Machines
intermediate
5 commands
Aliases: VM system-assigned identity, vm system-assigned identity
Quick peek
Open full term page
Databases
complete
SQL vulnerability assessment
Microsoft Learn describes SQL vulnerability assessment as a scanning and assessment capability for Azure SQL that identifies potential database security issues, risky settings, excessive permissions, and missing baselines. Results help teams review findings, set approved baselines, and track remediation through Defender-aligned workflows.
Azure SQL security
intermediate
5 commands
Aliases: Azure SQL vulnerability assessment, SQL VA, Defender for SQL vulnerability assessment, database vulnerability assessment
Quick peek
Open full term page
Storage
complete
Storage account infrastructure encryption
A storage feature or access model in Storage accounts that helps teams store, protect, move, and govern application or analytics data with clearer ownership, safety, and operational context.
Storage accounts
advanced
5 commands
Aliases: storage infrastructure encryption, Azure Storage double encryption, double encryption for storage, infrastructure-level encryption
Quick peek
Open full term page
Management and Governance
premium
Policy assignment
The object that applies a policy or initiative to a management group, subscription, resource group, or resource scope.
Azure Policy
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Active assignment
An active assignment is privileged access that is usable immediately for its assignment period without requiring activation. In Microsoft Entra Privileged Identity Management, active assignments differ from eligible assignments, which require an activation step such as MFA, justification, or approval before privileges can be used.
Privileged access
intermediate
4 commands
Aliases: PIM active assignment, active role assignment, standing privileged assignment
Quick peek
Open full term page
Identity
premium
App role assignment
An app role assignment is the actual grant that connects a principal to an app role. The principal might be a user, group, or service principal, and the role is defined by the resource application. Without an assignment, the role exists but nobody receives it. With an assignment, tokens or.
Identity operations
intermediate
4 commands
Aliases: application role assignment, Microsoft Entra app role assignment
Quick peek
Open full term page
Databases
premium
Azure SQL vulnerability assessment
Azure SQL vulnerability assessment is a Defender for Cloud capability that scans Azure SQL databases for security misconfigurations, risky settings, and findings that can be reviewed and remediated.
Azure SQL Database
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Deny assignment
A deny assignment is an Azure authorization control that blocks specified actions at a scope even when role assignments would otherwise grant access.
Azure RBAC
intermediate
4 commands
Aliases: Azure deny assignment, RBAC deny assignment, system-protected deny assignment, Authorization deny assignment
Quick peek
Open full term page
Identity
premium
Eligible assignment
An eligible assignment grants a user or principal the ability to activate a privileged Microsoft Entra or Azure RBAC role when needed instead of holding it permanently.
Privileged access
intermediate
4 commands
Aliases: PIM eligible assignment, eligible role assignment
Quick peek
Open full term page
AI and Machine Learning
premium
Machine Learning data asset
A Machine Learning data asset is a named, versioned reference to data used by Azure Machine Learning jobs. It can point to files, folders, or MLTable definitions so teams can reuse training data without remembering raw storage paths. That context supports safer operational decisions.
Machine learning
intermediate
4 commands
Aliases: Azure ML data asset, ML data asset
Quick peek
Open full term page
AI and Machine Learning
premium
ML data asset
ML data asset is a named and versioned Azure Machine Learning reference to data used by jobs, pipelines, training, evaluation, or batch scoring. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Azure Machine Learning
intermediate
4 commands
Aliases: AML data asset, Azure ML data asset, MLTable asset, data asset, registered data asset
Quick peek
Open full term page
Migration
premium
Assessment
An assessment is the structured review that estimates whether a workload is ready to move to Azure, what it might cost, and what target configuration makes sense. In Azure Migrate, assessments help teams compare current servers, databases, applications, and dependencies against Azure options before migration begins. It is not a final migration plan by.
Migration planning
fundamentals
2 commands
Aliases: Azure Migrate assessment, Migration assessment, Server assessment, Application assessment
Quick peek
Open full term page
Identity
premium
Assignment managed identity
Assignment managed identity is the identity Azure Policy uses when a policy assignment must change resources during remediation. It matters most for effects such as modify and deployIfNotExists, where Policy is not just reporting non-compliance but attempting to fix or deploy something. The identity needs Azure RBAC permissions at the right scope. Without those.
Azure Policy
intermediate
2 commands
Aliases: Policy assignment identity, Azure Policy managed identity, policy remediation identity, assignment identity
Quick peek
Open full term page
AI and Machine Learning
premium
Assistant message
Assistant message is the conversation record produced inside an Assistants-style workflow. In the classic Assistants API model, messages live on a thread and can come from a user or the assistant. For operators, the important point is that an assistant message is not just screen text; it is state that may be stored, retrieved.
Azure OpenAI
intermediate
2 commands
Aliases: Assistants API message, thread message, assistant-generated message, Azure OpenAI assistant message
Quick peek
Open full term page
Security
field-manual-complete
Infrastructure encryption
Infrastructure encryption controls whether supported Azure services apply an extra platform encryption layer for workloads that require stronger data-at-rest protection. Teams see it in storage accounts, encryption scopes. It is not customer-managed keys, transparent data encryption, transport encryption, or a backup retention policy; confusing them can create noncompliant storage designs, irreversible creation-time gaps. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Data Protection
Intermediate
5 commands
Aliases: double encryption, platform infrastructure encryption, second encryption layer, infrastructure-level encryption
Quick peek
Open full term page
Management and Governance
verified
Resource group policy assignment
A resource group policy assignment applies an Azure Policy definition or initiative to one resource group so resources inside that group are audited, denied, modified, or remediated according to the assignment.
Azure Policy
intermediate
5 commands
Aliases: policy assignment at resource group, Azure Policy resource group scope, resource group scoped policy, RG policy assignment, policy scope resource group
Quick peek
Open full term page
Management and Governance
field-manual-complete
Subscription policy assignment
A subscription policy assignment is a rule or initiative applied to an entire Azure subscription. Instead of assigning the policy one resource group at a time, the assignment covers all resource groups and resources under that subscription unless exclusions or exemptions narrow it. It can audit, deny, append, modify, or deploy supporting settings depending on the policy effect. Think of it as a subscription-wide guardrail with parameters, scope, enforcement mode, and compliance reporting. It is powerful because it is broad, so it deserves careful review before production use.
Azure Policy
intermediate
5 commands
Aliases: subscription scoped policy assignment, Azure Policy assignment at subscription scope, subscription governance assignment
Quick peek
Open full term page
Identity
field-manual-complete
User-assigned managed identity
A standalone managed identity that can be attached to one or more Azure resources.
Managed identities
fundamentals
5 commands
Aliases: UAMI, user managed identity, reusable managed identity
Quick peek
Open full term page
Compute
field-manual-complete
VM patch assessment
VM patch assessment checks an Azure VM for available operating-system updates before installation is scheduled or started.
Virtual Machines
intermediate
5 commands
Aliases: patch assessment, assess patches, VM update assessment, guest patch assessment, Azure VM patch check
Quick peek
Open full term page
Compute
verified
VM user-assigned identity
VM user-assigned identity is a reusable managed identity resource attached to a virtual machine so software on that VM can request Microsoft Entra tokens without stored credentials. Its lifecycle and permissions are managed separately from the VM across rebuilds and fleets.
Virtual Machines
intermediate
5 commands
Aliases: VM user-assigned managed identity, user-assigned managed identity for virtual machines, virtual machine user-assigned identity, managed identity attached to VM
Quick peek
Open full term page
Management and Governance
premium field-manual
Management group policy assignment
A management group policy assignment is an Azure Policy assignment applied at management-group scope so it affects child subscriptions and resources. Teams use it when governance teams need consistent guardrails across multiple subscriptions from one parent scope. In plain English, it gives operators a named control for centralized policy enforcement, compliance reporting, and fewer repeated subscription-level assignments instead of leaving the decision hidden in a portal setting, script, or deployment file. Treat it as production-ready only when the owner, dependencies, permission boundary, monitoring signal, and rollback evidence are clear.
Azure Policy
intermediate
4 commands
Aliases: Management group policy assignment, Azure Policy, policy definition, policy initiative, resource group policy assignment, Azure Policy and management groups, policy assignment at management group scope, inherited policy assignment, Azure Policy at management group scope
Quick peek
Open full term page
Media
premium field-manual
Media asset
A media asset is a media file container formerly used by Azure Media Services to manage encoded video, audio, and related files. Teams use it when teams maintain or migrate media workloads after Azure Media Services retirement. In plain English, it gives operators a named control for clear inventory of media content, storage dependencies, and migration evidence instead of leaving the decision hidden in a portal setting, script, or deployment file. Treat it as production-ready only when the owner, dependencies, permission boundary, monitoring signal, and rollback evidence are clear.
Azure Media Services legacy assets
intermediate
4 commands
Aliases: Media asset, Azure Media Services asset, AMS asset, mediaServices asset, video asset, audio asset, media file asset, content asset, Microsoft.Media asset, Azure Media Services and Azure Storage, Azure Media Services legacy assets
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse Spark pool
A Synapse Spark pool is the workspace compute definition Azure Synapse uses to start Apache Spark sessions. It records node size, node count, autoscale behavior, runtime version, packages, and idle timeout so notebooks, Spark jobs, and pipelines get repeatable distributed processing.
Synapse Analytics
fundamentals
8 commands
Aliases: Apache Spark pool, Spark pool, Synapse Apache Spark pool, serverless Spark pool
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search