Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 460 matching terms. Narrow the search to reduce the list.
Management and Governance
premium
CanNotDelete lock
A CanNotDelete lock is an Azure Resource Manager management lock that prevents a resource, resource group, or subscription from being deleted while still allowing many read and update operations.
Management locks
intermediate
4 commands
Aliases: delete lock
Quick peek
Open full term page
Management and Governance
premium
Lock inheritance
Microsoft Learn explains that Azure resource locks can be applied at subscription, resource group, or resource scope, and child resources inherit locks from parent scopes. Inherited locks can prevent deletion or modification even when a user has permission. Operators should review it with the connected Azure resource settings.
Management locks
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
verified
Resource delete protection
Resource delete protection uses Azure management locks, usually CanNotDelete, to stop critical resources or resource groups from being deleted by ordinary control-plane operations.
Management locks
fundamentals
5 commands
Aliases: Azure delete protection, management lock delete protection, CanNotDelete lock, delete lock, protected Azure resource
Quick peek
Open full term page
Management and Governance
verified
Resource lock
A resource lock is a control-plane safety catch for Azure resources. It tells Azure Resource Manager to block deletion or broader changes even when the user normally has permission. CanNotDelete is the common production guardrail because it stops accidental removal while still allowing most updates. ReadOnly is stricter and can break normal operations if used carelessly. Locks are not backups, RBAC, soft delete, or data protection. They are a deliberate pause before someone or something changes critical infrastructure.
Azure Resource Manager
fundamentals
5 commands
Aliases: ARM lock, Management lock, Azure resource lock
Quick peek
Open full term page
Management and Governance
verified
ReadOnly lock
A ReadOnly lock is an Azure Resource Manager management lock that lets authorized users read a resource, resource group, subscription, or management group scope but prevents updates and deletes. The restriction applies across role assignments, including Owner, until the lock is removed or changed.
Management locks
intermediate
4 commands
Aliases: ReadOnly management lock, read-only resource lock, Azure ReadOnly lock, ARM ReadOnly lock
Quick peek
Open full term page
Management and Governance
premium
Management group
Microsoft Learn describes management groups as governance containers above subscriptions that let organizations organize subscriptions into a hierarchy. They support unified policy, access management, and governance controls across many subscriptions instead of repeating the same assignments subscription by subscription at enterprise scale.
Azure governance
fundamentals
5 commands
Aliases: Azure management group, Management group hierarchy, MG scope
Quick peek
Open full term page
Management and Governance
premium
Parent management group
A parent management group is the branch above a child management group or subscription. Rules assigned at the parent can flow downward, so changing the parent is a broad governance decision, not just a local label change.
Management groups
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Root management group
The root management group is the top of the Azure governance tree for a tenant. Because everything sits beneath it, policies or access assigned there can have very wide impact. Treat root-scope changes as enterprise-level decisions.
Management groups
intermediate
5 commands
Aliases: tenant root group
Quick peek
Open full term page
Integration
premium
API Management backend
An API Management backend is the HTTP service that implements a frontend API and its operations behind the API Management gateway.
API Management
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Integration
premium
API Management gateway
The API Management gateway is the component that receives API requests, applies policies, routes traffic to backends, and returns responses to callers.
API Management
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Integration
premium
API Management operation
An API Management operation is one callable action inside an API, such as GET /orders or POST /claims. It tells Azure API Management which HTTP method, URL template, parameters, and display name should be exposed to consumers. The operation can map to a backend route, return a mock response, accept.
Application delivery and API edge
intermediate
4 commands
Aliases: APIM operation, API operation in API Management
Quick peek
Open full term page
Integration
premium
API Management revision
An API Management revision is a safe working copy of an API for changes that should not break consumers. You create a revision, adjust operations, descriptions, policies, or backend settings, test the changes, and then make that revision current when it is ready. Existing consumers keep using the.
Application delivery and API edge
intermediate
4 commands
Aliases: APIM revision, API revision
Quick peek
Open full term page
Integration
premium
API Management self-hosted gateway
An API Management self-hosted gateway is a containerized copy of the API Management gateway that runs where your APIs live, such as on-premises, another cloud, or an Azure Kubernetes environment. Azure API Management remains the place where teams define APIs, products, policies, and observability..
Application delivery and API edge
intermediate
4 commands
Aliases: APIM self-hosted gateway, self-hosted API gateway
Quick peek
Open full term page
Integration
premium
API Management version
An API Management version is a separate version of an API that helps teams handle breaking changes. Clients can keep using an older version while newer clients adopt the new version when ready. Versions can be identified through a path, header, or query parameter, depending on the versioning.
Application delivery and API edge
intermediate
4 commands
Aliases: APIM version, API version in API Management
Quick peek
Open full term page
Management and Governance
premium
Child management group
A child management group is a branch under a parent management group. It helps organize subscriptions into smaller governance areas, while still inheriting broad rules from above. Use it when one tenant needs different policy or access boundaries for teams, business units, or environments.
Management groups
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Entitlement management
Entitlement management uses access packages to govern access to groups, applications, SharePoint sites, and other resources for internal and external identities.
Identity Governance
intermediate
4 commands
Aliases: Microsoft Entra entitlement management, Entra entitlement management, access package governance
Quick peek
Open full term page
Management and Governance
premium
Management group hierarchy
A management group hierarchy is the tree that organizes an Azure estate. Subscriptions can sit under management groups, management groups can sit under parents, and broad policy or access settings can flow down from higher branches to lower ones.
Management groups
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Management group ID
A management group ID is the stable name Azure tools use for a management group. The display name can be friendly, but the ID is what CLI commands, resource IDs, and policy assignments need when they target that governance scope.
Management groups
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Management group scope
Management group scope means the operation targets a branch of the Azure hierarchy, not just one subscription. It is useful for organization-wide policy, access, and landing-zone governance, but mistakes can affect many subscriptions at once.
Management scopes
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Management-plane operation
A management-plane operation is an Azure control action. It is what you do when you create a virtual machine, update a storage account setting, assign a role, list resources, validate a deployment, or delete a resource group. Microsoft Learn anchors this term in What is Azure Resource Manager?, but this field-manual definition is intentionally wider than an older short glossary entry because the page must teach what to inspect, what can break, who owns the decision, and which evidence proves the Azure environment is behaving as intended. In field use.
Azure Resource Manager
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
field-manual-complete
Lifecycle management rule
Microsoft Learn describes lifecycle policy rules as named definitions with filters and actions. A rule selects blobs by type, prefix, or index tags, then transitions or deletes current versions, previous versions, or snapshots according to age and lifecycle conditions.
Azure Storage
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
field-manual-complete
Privileged Identity Management
Privileged Identity Management, usually called PIM, is the Microsoft Entra feature that keeps powerful access from being permanently active unless someone really needs it.
Access control
fundamentals
5 commands
Aliases: PIM
Quick peek
Open full term page
Storage
field-manual-complete
Storage lifecycle management
Policy-based automation that tiers or deletes Azure Blob Storage data as it ages or changes use.
Storage lifecycle
intermediate
5 commands
Aliases: Azure Blob lifecycle management, storage account lifecycle policy, blob lifecycle management policy, storage retention tiering policy
Quick peek
Open full term page
Storage
complete
Storage account lifecycle management
A storage feature or access model in Storage accounts that helps teams store, protect, move, and govern application or analytics data with clearer ownership, safety, and operational context.
Storage accounts
advanced
5 commands
Aliases: blob lifecycle management, storage lifecycle policy, Azure Storage management policy, blob tiering policy
Quick peek
Open full term page
Integration
complete
API Management policy
An API Management policy is a rule the gateway runs while handling an API call. Policies can validate tokens, add or remove headers, rewrite URLs, limit rates, cache responses, transform payloads, choose a backend, or return a custom response. They are written as ordered XML statements and can.
Application delivery and API edge
intermediate
4 commands
Aliases: APIM policy, API policy in API Management
Quick peek
Open full term page
Management and Governance
premium field-manual
Management group deployment
A management group deployment is an ARM or Bicep deployment executed at management-group scope instead of subscription or resource-group scope. Teams use it when platform teams need to deploy governance resources across a management group hierarchy. In plain English, it gives operators a named control for repeatable policy, role, and subscription-level governance from the correct Azure scope instead of leaving the decision hidden in a portal setting, script, or deployment file. Treat it as production-ready only when the owner, dependencies, permission boundary, monitoring signal, and rollback evidence are clear.
ARM deployments
intermediate
4 commands
Aliases: Management group deployment, Azure Resource Manager, ARM deployments, ARM and Bicep governance deployments, subscription deployment, resource group deployment, tenant deployment, Azure Resource Manager and Bicep, ARM management group deployment, Bicep management group deployment
Quick peek
Open full term page
Management and Governance
premium field-manual
Management group display name
A management group display name is the human-readable name shown for a management group in Azure governance views. Teams use it when administrators need a clear label for a management-group node without changing its immutable identifier. In plain English, it gives operators a named control for readable hierarchy navigation, clearer governance ownership, and less confusion during reviews instead of leaving the decision hidden in a portal setting, script, or deployment file. Treat it as production-ready only when the owner, dependencies, permission boundary, monitoring signal, and rollback evidence are clear.
Management groups
intermediate
4 commands
Aliases: Management group display name, Azure Management Groups, Management groups, Azure management groups, management group ID, management group hierarchy, tenant root group, management group friendly name, displayName
Quick peek
Open full term page
Management and Governance
premium field-manual
Management group inheritance
Management group inheritance is the way Azure governance assignments at a parent management group flow down to child groups and subscriptions. Teams use it when platform teams want policy, RBAC, and governance controls applied consistently across many subscriptions. In plain English, it gives operators a named control for centralized governance with predictable downstream scope and fewer one-off subscription changes instead of leaving the decision hidden in a portal setting, script, or deployment file. Treat it as production-ready only when the owner, dependencies, permission boundary, monitoring signal, and rollback evidence are clear.
Management groups
intermediate
4 commands
Aliases: scope inheritance, Management group inheritance, Azure Management Groups, Management groups, Azure management groups, policy assignment, role assignment, Azure management groups and Azure Policy, inherited governance, Azure management groups, Azure Policy, and Azure RBAC
Quick peek
Open full term page
Management and Governance
premium field-manual
Management group policy assignment
A management group policy assignment is an Azure Policy assignment applied at management-group scope so it affects child subscriptions and resources. Teams use it when governance teams need consistent guardrails across multiple subscriptions from one parent scope. In plain English, it gives operators a named control for centralized policy enforcement, compliance reporting, and fewer repeated subscription-level assignments instead of leaving the decision hidden in a portal setting, script, or deployment file. Treat it as production-ready only when the owner, dependencies, permission boundary, monitoring signal, and rollback evidence are clear.
Azure Policy
intermediate
4 commands
Aliases: Management group policy assignment, Azure Policy, policy definition, policy initiative, resource group policy assignment, Azure Policy and management groups, policy assignment at management group scope, inherited policy assignment, Azure Policy at management group scope
Quick peek
Open full term page
Integration
field-manual-complete
API Management
Azure API Management is a hybrid, multicloud API management platform with a gateway, management plane, and developer portal for the full API lifecycle.
API Management
intermediate
3 commands
Aliases: APIM
Quick peek
Open full term page
Integration
strict-validated
API Management named value
An API Management named value is a reusable name/value pair for policies, supporting plain values, encrypted secrets, policy expressions, and Key Vault references.
API Management policies
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
complete
Cost Management
Cost Management is an Azure glossary term for Microsoft’s FinOps toolset for analyzing, monitoring, allocating, exporting, alerting on, and optimizing Microsoft Cloud costs. In practice, it helps teams reason about connecting Azure spending to owners, budgets, recommendations, forecasts, exports, anomalies, and governance decisions using live Azure evidence, documented ownership, and Microsoft Learn guidance. It should be reviewed through security, reliability, operations, cost, and performance lenses before production changes.
Cost Management
beginner
3 commands
Aliases: Azure Cost Management, Microsoft Cost Management, Microsoft Cost Management and Billing
Quick peek
Open full term page
Storage
field-manual-complete
Lifecycle management
Microsoft Learn describes Azure Blob Storage lifecycle management as policies with automated rules for moving blobs between hot, cool, cold, and archive tiers or deleting data at the end of its lifecycle. Rules help manage cost as access patterns change.
Blob Storage
fundamentals
2 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Extension resource
An Extension resource is an Azure Resource Manager resource that adds capabilities to another resource, such as a lock, role assignment, policy assignment, or diagnostic setting. Teams use it to attach governance, access, diagnostics, locks, policies, or configuration behavior to an existing Azure resource or scope without treating the extension as a standalone workload. It is not a child resource that only exists inside a parent namespace, a deployment script, a VM extension package, or proof that the target resource is configured correctly.
Azure Resource Manager
intermediate
6 commands
Aliases: ARM extension resource, resource extension, scope extension resource
Quick peek
Open full term page
Security
premium
Just-in-time VM access
Just-in-time VM access is the Microsoft Defender for Cloud control that locks down VM management ports and opens approved inbound access only for a limited time.
Defender for Cloud
intermediate
5 commands
Aliases: JIT VM access, Defender for Cloud JIT, just in time access, JIT network access policy
Quick peek
Open full term page
Management and Governance
premium
Resource group
A resource group is an Azure Resource Manager container that holds related resources for a solution.
Azure scope
fundamentals
5 commands
Aliases: RG, Azure resource group
Quick peek
Open full term page
Management and Governance
premium
Resource group scope
Resource group scope means the command, deployment, policy, or role assignment targets one resource group. It is narrower than subscription scope and broader than a single resource, making it a common boundary for application environments and team ownership.
Management scopes
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse Studio
Synapse Studio is the browser-based workspace experience for Azure Synapse Analytics. It exposes hubs for data, development, integration, monitoring, and management, letting users author notebooks and SQL scripts, build pipelines, configure connections, review access, and work with Git-backed or live artifacts.
Synapse Analytics
fundamentals
6 commands
Aliases: Azure Synapse Studio, Synapse web workspace, Synapse workspace UI, Synapse authoring experience
Quick peek
Open full term page
Management and Governance
premium
Azure control plane
The Azure control plane is the part of Azure you use to manage resources rather than consume the application or data inside them. Microsoft Learn anchors this term in Azure control plane and data plane, but this field-manual definition is intentionally wider than an older short glossary entry because the page must teach what to inspect, what can break, who owns the decision, and which evidence proves the Azure environment is behaving as intended. In field use, start with the technical boundary: Technically, the Azure control plane is handled by.
Azure Resource Manager
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Governance scope
Governance scope is the Azure boundary where governance controls such as policy assignments, initiatives, locks, role assignments, tags, or exemptions apply and are inherited.
Management scopes
intermediate
4 commands
Aliases: Azure governance scope, policy scope, control scope
Quick peek
Open full term page
Management and Governance
premium
Resource scope
Resource scope means you are targeting one specific Azure resource. It is the narrowest common scope, useful when access, locks, monitoring, or troubleshooting should affect only that object instead of everything in a resource group or subscription.
Management scopes
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Scope inheritance
Scope inheritance means children can receive rules from their parents. A policy or role assignment at a management group can affect subscriptions below it. This is powerful for governance, but it also means a high-scope mistake can spread quickly.
Management scopes
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse workload group
A Synapse workload group is a dedicated SQL pool workload management object that reserves, caps, and grants resources for classified requests. It uses settings such as MIN_PERCENTAGE_RESOURCE, CAP_PERCENTAGE_RESOURCE, and request resource grant percentages to shape isolation, containment, concurrency, and execution behavior.
Synapse Analytics
fundamentals
5 commands
Aliases: workload group in Synapse, dedicated SQL pool workload group, CREATE WORKLOAD GROUP, Synapse workload isolation group
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse workspace repository
A Synapse workspace repository is where a Synapse workspace saves its authoring artifacts when Git integration is enabled. Instead of every notebook, pipeline, SQL script, linked service, or dataset living only in the live workspace, the team works through branches, commits, pull requests, and a publish branch. That gives data engineers a familiar code-review...
Synapse Analytics
fundamentals
5 commands
Aliases: Synapse Git repository, Synapse source control, Synapse code repository, workspace Git integration
Quick peek
Open full term page
Governance
learning-path-anchor
Tag inheritance
Tag inheritance is the controlled reuse of tags from a higher Azure or billing scope. Cost Management can apply higher-scope tags to usage records for reporting, while Azure Policy can copy selected parent tag values onto resources for governance at scale.
Resource tagging
fundamentals
5 commands
Aliases: inherited tags, Azure tag inheritance, billing tag inheritance, policy tag inheritance
Quick peek
Open full term page
Governance
learning-path-anchor
Tag name
A tag name is the label key in an Azure tag. In Environment=Prod, Environment is the tag name and Prod is the value. The name tells people and tools what question the tag answers: who owns this, what cost center pays for it, what environment is it, or what application does it support? Good tag names are short, consistent, boring, and governed. Bad tag names create duplicate categories like CostCenter, cost-center, CostCentre, and BillingCode that fracture reports.
Resource tagging
fundamentals
5 commands
Aliases: tag key, Azure tag key, resource tag name, metadata tag name
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Tag value
A tag value is the answer attached to a tag name. If the tag name is Environment, the value might be Production, Test, or Sandbox. If the name is CostCenter, the value might be a finance code. Values are where governance becomes meaningful, because they separate one owner, workload, data class, or lifecycle state from another. A good value is standardized, approved, and easy to query. A bad value is free-text chaos: prod, production, PROD, live, and critical all trying to mean the same thing.
Tags and naming
fundamentals
5 commands
Aliases: tag values, Azure tag value, resource tag value, tag metadata value
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Tagging strategy
A tagging strategy is the playbook for using tags without making a mess. It answers simple but important questions: which tags are required, who owns the list, which values are allowed, where tags are applied, and what happens when a resource is missing one. Without a strategy, tags become random notes. With a strategy, tags become a dependable system for cost allocation, ownership, lifecycle cleanup, compliance evidence, and operational routing. The best strategies are small enough to follow and strict enough to m
Tags and naming
fundamentals
5 commands
Aliases: Azure tagging strategy, tag governance strategy, tag taxonomy, resource tagging standard
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Tags
Tags are labels you attach to Azure things so people and tools can understand what they are for. A tag has a name and a value, such as Owner=DataPlatform or Environment=Prod. Tags do not make a virtual machine faster, secure a database, or change a web app setting. They make the estate easier to organize, report on, govern, and automate. Useful tags answer questions the business actually asks: who owns this, what does it support, what environment is it, and who pays for it?
Tags and naming
advanced
5 commands
Aliases: Azure tags, resource tags, name-value tags, Azure metadata tags
Quick peek
Open full term page
Containers
learning-path-anchor
Target port
A target port tells Azure Container Apps where to deliver traffic inside your container. Public or internal ingress may expose an endpoint, but the app still has to listen on a specific port. If the container listens on 8080 and ingress targets 80, users may see timeouts, failed probes, or gateway errors. The setting is small, but it is often the difference between the app being deployed and the app being reachable. It should match the application startup command, Dockerfile, framework port, and health probes.
Azure Container Apps
intermediate
5 commands
Aliases: container target port, Container Apps target port, ingress targetPort, container ingress port
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search