Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 611 matching terms. Narrow the search to reduce the list.
Identity
learning-path-anchor
System-assigned managed identity
A system-assigned managed identity lets one Azure resource authenticate without a stored password, client secret, or certificate managed by your app team. You turn it on for a resource such as a web app, function, virtual machine, data factory, or automation account. Azure creates an identity for that resource, and the resource can request...
Managed identities
intermediate
4 commands
Aliases: system assigned identity, resource managed identity, SystemAssigned identity, managed service identity
Quick peek
Open full term page
Integration
premium
Event Grid managed identity delivery
Event Grid managed identity delivery is the pattern where Event Grid uses a managed identity on a topic, domain, or system topic to authenticate event delivery to supported destinations. In Azure, it shows up when teams want to deliver events to Azure destinations without storing destination keys or embedding secrets in event subscription configuration. Teams use it to review system-assigned or user-assigned identity, Event Grid topic or domain identity settings, destination RBAC role assignments, delivery identity settings, dead-letter identity settings, and monitoring before changing production behavior.
Event routing
advanced
5 commands
Aliases: Event Grid managed identity event delivery, managed identity delivery for Event Grid
Quick peek
Open full term page
Integration
premium
Service Bus managed identity
Service Bus managed identity means using Microsoft Entra managed identities so Azure-hosted applications can access Service Bus without stored credentials. Applications receive RBAC roles such as Data Sender or Data Receiver, while Service Bus namespace identities may also be assigned for service-managed scenarios such as encryption configuration.
Service Bus
fundamentals
5 commands
Aliases: Service Bus identity-based access, Service Bus Entra authentication, managed identity for Service Bus, Service Bus secretless authentication, Service Bus RBAC identity
Quick peek
Open full term page
Identity
field-manual-complete
User-assigned managed identity
A standalone managed identity that can be attached to one or more Azure resources.
Managed identities
fundamentals
5 commands
Aliases: UAMI, user managed identity, reusable managed identity
Quick peek
Open full term page
Analytics
premium
Databricks access connector
A first-party Azure resource that gives Azure Databricks a managed identity for Unity Catalog storage credentials and other governed service access.
Azure Databricks
intermediate
6 commands
Aliases: Access Connector for Azure Databricks, Azure Databricks access connector, Databricks managed identity connector
Quick peek
Open full term page
AI and Machine Learning
premium
Foundry hub
A Foundry hub is a hub-style Microsoft Foundry resource used in selected scenarios to group AI projects with shared security, connections, data access, and governance settings. Teams use it to organize related AI projects that need common connections, managed identities, network controls, storage, security review, and platform governance across teams or application portfolios. It is not a whole Azure tenant, a model deployment by itself, a replacement for project-level permissions, or the required resource shape for every modern Foundry scenario.
Microsoft Foundry
intermediate
6 commands
Aliases: Azure AI Foundry hub, Foundry hub resource, hub-based project, AI hub
Quick peek
Open full term page
Containers
premium
ACR admin user
The ACR admin user is the quick username-and-password login for a registry. It can be convenient for tests, but it weakens accountability because it is shared. For production, prefer Entra identities, managed identities, tokens, or scoped access patterns.
Azure Container Registry
intermediate
5 commands
Aliases: ACR
Quick peek
Open full term page
Containers
premium
Azure Container Registry
A managed private registry service for building, storing, and managing container images and OCI artifacts for container deployments.
Container images
fundamentals
5 commands
Aliases: ACR
Quick peek
Open full term page
Security
premium
Key Vault
Azure Key Vault is a cloud service for storing and controlling access to secrets, keys, and certificates. It helps applications, administrators, and automation protect sensitive values with encryption, access control, logging, purge protection, private networking, and managed integration across Azure workloads.
Secrets and keys
Fundamentals
5 commands
Aliases: Key Vault, Azure Key Vault, vault, secrets store, certificate vault, secure secrets store, key vault resource
Quick peek
Open full term page
Security
premium
Key Vault access policy
Key Vault access policy controls which identities can read, write, list, delete, recover, sign, unwrap, or manage Key Vault objects when the vault uses policy-based access. Teams see it in key vault access policies blade, secret permissions. It is not Azure RBAC for Key Vault, a network firewall rule, a secret value, a certificate policy, or an application setting; confusing them can create overprivileged identities, broken secret retrieval. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Secrets and keys
Intermediate
5 commands
Aliases: access policy, vault access policy, Key Vault policy permissions, data-plane access policy
Quick peek
Open full term page
Containers
premium
Kubelet identity
Kubelet identity controls how AKS nodes authenticate to Azure resources for node-level tasks, especially pulling container images from registries without embedded secrets. Teams see it in aks identity profile, node pools. It is not cluster control-plane identity, workload identity, pod managed identity, service account token, kubeconfig credential, or container registry admin user; confusing them can create image pull failures, overbroad registry access. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
AKS identity
Intermediate
5 commands
Aliases: AKS kubelet identity, node pool kubelet identity, AKS node managed identity, identityProfile kubeletidentity
Quick peek
Open full term page
Storage
premium
Access ACL
An access ACL is path-level permission in ADLS Gen2. It decides who can read, write, or traverse a file or directory. It works alongside Azure RBAC, so storage access often depends on both role assignments and ACL entries.
Data Lake Storage Gen2
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Client secret
A client secret is a password-style credential added to an app registration so a confidential application can authenticate to Microsoft Entra ID. Microsoft Learn recommends managing credentials carefully and also supports certificates and federated credentials for stronger automation patterns and rotation.
Applications
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Disable Shared Key authorization
Disable Shared Key authorization is a storage account setting that prevents requests from being authorized with account keys and pushes supported access toward Microsoft Entra authorization.
Storage security
intermediate
4 commands
Aliases: disallow Shared Key, AllowSharedKeyAccess false, prevent Shared Key access, disable storage account key access
Quick peek
Open full term page
Compute
premium
Disk encryption set
A disk encryption set is an Azure resource that connects managed disks, snapshots, or images to a customer-managed key used for server-side encryption.
Managed disk encryption
intermediate
4 commands
Aliases: DES, managed disk encryption set, disk CMK set, customer-managed key disk encryption set
Quick peek
Open full term page
Databases
premium
Microsoft Entra authentication for SQL
Microsoft Entra authentication for SQL is the use of Microsoft Entra identities to authenticate to Azure SQL Database, SQL Managed Instance, or related SQL resources. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Azure SQL identity
intermediate
4 commands
Aliases: Azure SQL Entra authentication, Azure AD authentication for SQL, SQL Entra auth
Quick peek
Open full term page
Identity
premium
Microsoft Entra ID
Microsoft Entra ID is the cloud identity platform that stores tenant identities and provides authentication, authorization, application registration, and access governance for Azure. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Identity platform
fundamentals
4 commands
Aliases: Entra ID, Azure Active Directory, Azure AD, AAD
Quick peek
Open full term page
AI and Machine Learning
premium
Multi-service AI account
Multi-service AI account means a shared Azure AI services account for applications that need several supported AI capabilities from one governed endpoint boundary. You see it when teams connect language, vision, speech, translation, or content-understanding features to production applications. Think of it as one managed account boundary for several AI capabilities, not one unlimited permission bucket. It matters because the setting changes how teams design, secure, operate, and troubleshoot the workload. Before changing it in production, know the owner, dependency, evidence, expected result, and rollback path.
Azure AI services
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
AI and Machine Learning
premium
Compute cluster
a managed Azure Machine Learning pool of CPU or GPU nodes that runs training, batch inference, and other jobs for a workspace
Machine learning
Intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
AI and Machine Learning
premium
Compute instance
a managed Azure Machine Learning cloud workstation used by one data scientist or engineer for notebooks, experimentation, development, and lightweight testing
Azure Machine Learning
Beginner
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Analytics
field-manual-complete
Synapse role
A Synapse role is a workspace-level RBAC permission set that controls what users, groups, managed identities, and service principals can do inside Azure Synapse Analytics. Synapse RBAC governs workspace artifacts and actions, while Azure RBAC controls management of the Azure resources.
Synapse Analytics
intermediate
8 commands
Aliases: Azure Synapse role, Synapse RBAC role, Synapse workspace role, Synapse access role
Quick peek
Open full term page
Identity
verified
Workload identity
A workload identity is an identity assigned to software, such as an application, service, script, or container, so it can authenticate to Microsoft Entra protected resources. In Azure, examples include app registrations, service principals, managed identities, and federated workload identities.
Workload identity
fundamentals
6 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
complete
SQL contained user
Microsoft Learn explains that a contained database user is a SQL user not connected to a login in the master database. For Microsoft Entra authentication, administrators create the user in the target database from an external provider, including users, groups, service principals, or managed identities.
Azure SQL
intermediate
6 commands
Aliases: contained user, database user without login, contained SQL user, database-scoped SQL user
Quick peek
Open full term page
Containers
field-manual-complete
AKS workload identity
AKS workload identity lets a pod sign in to Azure as an approved identity without storing a password, client secret, or long-lived key inside the container. You connect a Kubernetes service account to a Microsoft Entra application or managed identity through federation. When the pod runs, Azure trusts the service account token from the cluster OIDC issuer and issues access tokens for allowed resources. The result is cleaner secret handling for applications running in AKS.
AKS Identity
intermediate
5 commands
Aliases: Microsoft Entra Workload ID for AKS, pod workload identity, AKS OIDC federation
Quick peek
Open full term page
Security
field-manual-complete
Least privilege data access
Microsoft Learn describes least privilege as granting users and applications only the data and operations required to do their jobs. In Azure data access, that means scoped roles, managed identities, limited secrets, network controls, and reviewable permissions instead of broad owner-style access.
Data operations
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
field-manual-complete
OAuth 2.0
OAuth 2.0 is the system many Azure applications use to get permission to call an API without handing a password to that API. The application sends a user or workload through a trusted Microsoft identity flow, receives an access token, and presents that token to the resource. In practice, OAuth 2.0 explains why app registrations, scopes, consent prompts, redirect URIs, client secrets, certificates, and managed identities all show up when teams secure Azure-hosted applications.
Authentication
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
verified
Path ACL
In Azure Data Lake Storage Gen2, a path ACL is a POSIX-like access control list applied to a directory or file path. It works with Azure RBAC and ownership metadata to determine which users, groups, service principals, or managed identities can traverse, read, write, or execute data.
Data Lake Storage Gen2
intermediate
5 commands
Aliases: Data Lake path ACL, ADLS Gen2 ACL, access ACL, directory ACL, file ACL, POSIX ACL
Quick peek
Open full term page
Security
field-manual-complete
Private Link for data services
Private Link for data services means your applications connect to databases, storage, and analytics services through private endpoints instead of public endpoints.
Data operations
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
verified
RBAC
Azure role-based access control is an authorization system built on Azure Resource Manager. It grants users, groups, service principals, and managed identities specific roles at management group, subscription, resource group, resource, or environment scopes so teams can apply least privilege.
Azure identity
fundamentals
5 commands
Aliases: Azure RBAC, role-based access control, role based access control
Quick peek
Open full term page
Management and Governance
verified
Resource dependency
A resource dependency tells Azure Resource Manager which resource must exist before another resource can be deployed, updated, or configured during an ARM or Bicep deployment.
ARM deployments
fundamentals
5 commands
Aliases: ARM dependency, Bicep dependency, dependsOn, implicit dependency, deployment dependency
Quick peek
Open full term page
Identity
verified
Resource identity
A resource identity is the Azure identity a workload uses when it needs permission to call another service. Most teams see it as a system-assigned or user-assigned managed identity on a VM, App Service, Function, container app, automation account, or data service. Instead of storing a password or client secret, the resource receives a Microsoft Entra identity and uses tokens. Operators then grant that identity roles on Key Vault, Storage, SQL, Cosmos DB, or other dependencies.
Identity operations
fundamentals
5 commands
Aliases: Workload identity for a resource, Managed identity surface
Quick peek
Open full term page
Identity
field-manual-complete
User
A user is a Microsoft Entra identity that usually represents a person who can sign in, receive group membership, and be assigned access. Azure uses the user object, its object ID, and its roles to evaluate authentication and authorization decisions.
Microsoft Entra ID
beginner
5 commands
Aliases: Microsoft Entra user, Entra user, user object, human identity, directory user
Quick peek
Open full term page
Security
verified
Zero Trust
Zero Trust is a security strategy that assumes breach, verifies every access request explicitly, and uses least privilege to reduce blast radius. In Azure, it is implemented through identity, device, network, data, application, monitoring, governance, and threat-detection controls across environments.
Security architecture
fundamentals
5 commands
Aliases: Zero Trust architecture, Never trust always verify, Assume breach, Verify explicitly
Quick peek
Open full term page
Databases
complete
SQL Microsoft Entra authentication
Microsoft Learn describes Microsoft Entra authentication for Azure SQL as using identities from Microsoft Entra ID to authenticate to Azure SQL Database, Azure SQL Managed Instance, Synapse SQL, and related SQL platforms. It supports users, groups, applications, and managed identities while database permissions still control authorization.
Azure SQL security and identity
intermediate
5 commands
Aliases: Azure SQL Entra authentication, Microsoft Entra authentication for Azure SQL, Azure AD authentication for SQL, Entra ID SQL authentication
Quick peek
Open full term page
Monitoring and Observability
field-manual-ready
Monitoring Reader
Monitoring Reader is an Azure role that lets users view monitoring data and settings without broad resource management permissions.
Azure Monitor RBAC
fundamentals
4 commands
Aliases: Azure Monitor Reader, Monitoring Reader, monitoring RBAC
Quick peek
Open full term page
Security
field-manual-complete
Least privilege
Least privilege means granting identities only the permissions required to perform their tasks, and no broader access than necessary. Microsoft Learn guidance applies this principle across Azure RBAC, data-plane permissions, privileged access, managed identities, and operational reviews to reduce attack surface and limit blast radius.
Security architecture
fundamentals
2 commands
Aliases: No aliases yet
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse workspace managed identity
A Synapse workspace managed identity is the workspace's own identity in Microsoft Entra ID. Instead of saving passwords, keys, or connection strings inside pipelines and notebooks, Synapse can use this identity to ask for tokens and reach trusted Azure resources. It is commonly used for Data Lake Storage, Key Vault, SQL, and linked service...
Synapse Analytics
intermediate
8 commands
Aliases: Synapse managed service identity, Synapse MSI, workspace system-assigned identity, Synapse workspace identity
Quick peek
Open full term page
AI and Machine Learning
premium
Azure OpenAI managed identity
Azure OpenAI managed identity uses Microsoft Entra identities so Azure workloads can call model endpoints without stored keys.
Azure OpenAI
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Managed identity
A managed identity is an automatically managed Microsoft Entra identity assigned to a supported Azure resource. It lets workloads authenticate to services that support Microsoft Entra authentication without storing passwords, certificates, or client secrets in code, configuration, or deployment pipelines.
Microsoft Entra workload identity
intermediate
3 commands
Aliases: Managed identity, system-assigned managed identity, user-assigned managed identity, Azure workload identity, secretless authentication, system-assigned identity, user-assigned identity, Microsoft Entra ID, Microsoft Entra workload identity
Quick peek
Open full term page
Databases
premium
Azure Managed Redis
Azure Managed Redis is a Microsoft-managed in-memory data store based on Redis Enterprise, used for low-latency caching, session storage, messaging, and semantic cache scenarios.
Managed cache
intermediate
6 commands
Aliases: Managed Redis, Redis Enterprise on Azure, Azure Redis Enterprise
Quick peek
Open full term page
Analytics
premium
Databricks managed resource group
The Azure resource group created or referenced for Databricks-managed infrastructure that supports a workspace and its classic compute resources.
Azure Databricks
intermediate
6 commands
Aliases: managed resource group, Azure Databricks managed resource group, workspace managed resource group
Quick peek
Open full term page
Containers
premium
AKS managed identity
An AKS managed identity is a Microsoft Entra identity that an AKS cluster uses to manage Azure resources without stored service principal secrets.
AKS identity
Intermediate
5 commands
Aliases: Azure Kubernetes Service managed identity, aks managed identity
Quick peek
Open full term page
Storage
premium
Azure Managed Lustre
Azure Managed Lustre is a managed parallel file system for high-performance computing and AI workloads that need scalable, low-latency file storage in Azure.
Parallel file systems
advanced
5 commands
Aliases: Managed Lustre, Azure Managed Lustre File System, AMLFS
Quick peek
Open full term page
Security
premium
Customer-managed key rotation
Customer-managed key rotation is the planned creation and adoption of new versions of a customer-managed encryption key while Azure services keep accessing protected data safely.
Key management
advanced
4 commands
Aliases: Customer-managed key rotation
Quick peek
Open full term page
Analytics
premium
Data Factory managed identity
The Microsoft Entra identity assigned to a Data Factory so pipelines and linked services can access Azure resources without embedded passwords.
Data integration and orchestration
Intermediate
4 commands
Aliases: Data Factory managed identity, ADF managed identity, data factory managed identity
Quick peek
Open full term page
Analytics
premium
Data Factory managed virtual network
A Microsoft-managed network boundary used by Azure Integration Runtime to isolate data integration traffic and connect through managed private endpoints.
Data integration and orchestration
Intermediate
4 commands
Aliases: Data Factory managed virtual network, ADF managed virtual network, data factory managed virtual network
Quick peek
Open full term page
Web
premium
Function app managed identity
Function app managed identity is a Microsoft Entra identity assigned to a function app so its code and supported bindings can access Azure resources without storing passwords or connection strings. Teams use it to replace secrets in app settings with identity-based access to services such as Storage, Service Bus, Key Vault, Event Hubs, SQL, or monitoring resources. In daily Azure work, it shows up when engineers grant a function app data-plane permissions, remove leaked connection strings, configure identity-based bindings, or investigate why a trigger cannot reach its dependency.
Azure Functions
intermediate
4 commands
Aliases: Azure Functions managed identity, managed identity for Functions, function app identity
Quick peek
Open full term page
Integration
premium
Logic Apps managed identity
A Logic Apps managed identity is the Microsoft Entra identity assigned to a Logic Apps workflow or Standard logic app resource so the workflow can authenticate to supported Azure resources without storing passwords, shared keys, or long-lived secrets in governed production environments.
Azure Logic Apps
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Web
premium
Managed certificate
A managed certificate in Azure App Service is a platform-created TLS certificate for a supported custom domain. Azure can issue and renew it for basic HTTPS protection, but it has limitations compared with uploaded, Key Vault, or purchased certificates. That context supports safer operational decisions.
TLS
fundamentals
4 commands
Aliases: App Service managed certificate, free managed certificate
Quick peek
Open full term page
Storage
premium
Microsoft-managed key for storage
Microsoft-managed key for Storage means the default Azure Storage encryption approach where Microsoft manages the keys that protect stored data at rest. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Storage encryption
advanced
4 commands
Aliases: platform-managed key for storage, PMK for storage, Microsoft managed storage encryption key
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search