Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 1,712 matching terms. Narrow the search to reduce the list.
Databases
premium
Microsoft Entra admin for SQL
Microsoft Entra admin for SQL is the Microsoft Entra identity designated to administer an Azure SQL logical server or SQL Managed Instance through Entra authentication. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Azure SQL identity
intermediate
4 commands
Aliases: Azure SQL Entra admin, Azure AD admin for SQL, SQL Entra administrator
Quick peek
Open full term page
Databases
premium
Microsoft Entra authentication for SQL
Microsoft Entra authentication for SQL is the use of Microsoft Entra identities to authenticate to Azure SQL Database, SQL Managed Instance, or related SQL resources. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Azure SQL identity
intermediate
4 commands
Aliases: Azure SQL Entra authentication, Azure AD authentication for SQL, SQL Entra auth
Quick peek
Open full term page
Identity
premium
Microsoft Entra group
Entra group means a Microsoft Entra ID group object used to manage membership, access assignments, application permissions, and governance workflows as a unit. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Directory groups
intermediate
4 commands
Aliases: Entra group, Azure AD group, directory group
Quick peek
Open full term page
Identity
premium
Microsoft Entra ID
Microsoft Entra ID is the cloud identity platform that stores tenant identities and provides authentication, authorization, application registration, and access governance for Azure. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Identity platform
fundamentals
4 commands
Aliases: Entra ID, Azure Active Directory, Azure AD, AAD
Quick peek
Open full term page
Databases
premium
Azure SQL Microsoft Entra authentication
A database capability or setting in Azure SQL Database that helps teams store, query, scale, secure, and recover application data with clearer ownership, safety, and operational context.
Azure SQL Database
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
complete
SQL Microsoft Entra authentication
Microsoft Learn describes Microsoft Entra authentication for Azure SQL as using identities from Microsoft Entra ID to authenticate to Azure SQL Database, Azure SQL Managed Instance, Synapse SQL, and related SQL platforms. It supports users, groups, applications, and managed identities while database permissions still control authorization.
Azure SQL security and identity
intermediate
5 commands
Aliases: Azure SQL Entra authentication, Microsoft Entra authentication for Azure SQL, Azure AD authentication for SQL, Entra ID SQL authentication
Quick peek
Open full term page
Identity
premium
Microsoft 365 group
Microsoft 365 group is a collaboration-backed group object in Microsoft Entra ID used for shared membership across Microsoft 365 resources and some Azure access patterns. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Microsoft Entra ID
fundamentals
4 commands
Aliases: M365 group, Office 365 group, Microsoft 365 collaboration group
Quick peek
Open full term page
Management and Governance
premium
Microsoft Purview account
Microsoft Purview account is the Azure resource boundary for Microsoft Purview data governance, catalog, scanning, classification, lineage, and policy workflows. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Data governance
intermediate
4 commands
Aliases: Purview account, Microsoft Purview governance account, Azure Purview account
Quick peek
Open full term page
Security
top-250-pre130-priority-upgraded
Microsoft Sentinel
Microsoft Sentinel means Microsoft cloud SIEM and SOAR service for collecting security signals, detecting threats, investigating incidents, and automating response. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
SIEM and SOAR
fundamentals
4 commands
Aliases: Sentinel, Azure Sentinel, Microsoft Sentinel SIEM
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse workspace managed identity
A Synapse workspace managed identity is the workspace's own identity in Microsoft Entra ID. Instead of saving passwords, keys, or connection strings inside pipelines and notebooks, Synapse can use this identity to ask for tokens and reach trusted Azure resources. It is commonly used for Data Lake Storage, Key Vault, SQL, and linked service...
Synapse Analytics
intermediate
8 commands
Aliases: Synapse managed service identity, Synapse MSI, workspace system-assigned identity, Synapse workspace identity
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Tenant deployment
A tenant deployment is a Resource Manager deployment executed at Microsoft Entra tenant scope.
ARM deployments
intermediate
5 commands
Aliases: Tenant deployment, tenant deployment, Azure Tenant deployment, tenant scope deployment, az deployment tenant, ARM tenant deployment
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Tenant scope
Tenant scope is the highest Azure Resource Manager deployment and governance context tied to a Microsoft Entra tenant.
Management scopes
fundamentals
5 commands
Aliases: Tenant scope, tenant scope, Azure Tenant scope, tenant level scope, ARM tenant scope, targetScope tenant
Quick peek
Open full term page
Identity
learning-path-anchor
System-assigned managed identity
A system-assigned managed identity lets one Azure resource authenticate without a stored password, client secret, or certificate managed by your app team. You turn it on for a resource such as a web app, function, virtual machine, data factory, or automation account. Azure creates an identity for that resource, and the resource can request...
Managed identities
intermediate
4 commands
Aliases: system assigned identity, resource managed identity, SystemAssigned identity, managed service identity
Quick peek
Open full term page
Identity
learning-path-anchor
Tenant ID
A tenant ID is the globally unique identifier for a Microsoft Entra tenant.
Microsoft Entra
fundamentals
4 commands
Aliases: Tenant ID, tenant id, Azure Tenant ID, Microsoft Entra tenant ID, directory ID, tenantId
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Tenant root group
The tenant root group is the highest management group scope associated with a Microsoft Entra tenant.
Management groups
fundamentals
4 commands
Aliases: Tenant root group, tenant root group, Azure Tenant root group, root management group, root group
Quick peek
Open full term page
Databases
premium
Azure SQL logical server
An Azure SQL logical server is a logical administrative construct for Azure SQL Database and related SQL resources. Microsoft Learn describes it as the central point for managing a collection of databases, including logins, firewall rules, auditing, threat detection policies, and failover groups.
Azure SQL Database
fundamentals
16 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Azure subscription
An Azure subscription is a management, billing, and scale unit for Azure resources.
Azure scope
fundamentals
7 commands
Aliases: subscription
Quick peek
Open full term page
Identity
premium
Federated credential
A Federated credential is a Microsoft Entra trust configuration that allows a workload to exchange a token from an external identity provider for an Entra access token without using a stored secret. Teams use it to let approved external workloads such as pipelines, automation systems, or Kubernetes workloads authenticate to Azure using signed tokens instead of long-lived client secrets. It is not a user password, general RBAC grant, certificate, managed identity by itself, or permission to access Azure resources without matching issuer, subject, audience, and role assignment controls.
Workload identity
intermediate
6 commands
Aliases: workload federated credential, OIDC credential, external identity federation credential, federated trust credential
Quick peek
Open full term page
Identity
premium
Federated identity credential
A Federated identity credential is a Microsoft Entra credential object that defines the issuer, subject, and audience trusted for workload identity federation. Teams use it to allow a specific external workload identity to authenticate as an Entra application or user-assigned managed identity without storing a client secret or certificate. It is not a role assignment, token issued by Azure, user sign-in method, broad trust for every workflow in a repository, or evidence that the workload can access resources without RBAC.
Workload identity
intermediate
6 commands
Aliases: Microsoft Entra federated identity credential, FIC, workload identity credential, OIDC federation credential
Quick peek
Open full term page
Databases
premium
PostgreSQL connection string
Application configuration that identifies the PostgreSQL server, database, port, authentication method, and TLS path used by a workload.
Data platform
intermediate
6 commands
Aliases: PostgreSQL connection string, postgresql connection string, connection string, Azure Database for PostgreSQL connection string, FQDN, port 5432, port 6432
Quick peek
Open full term page
Integration
premium
Service Bus authorization rule
Service Bus authorization rule is a shared access policy on a namespace, queue, or topic. It names a key pair and grants Listen, Send, or Manage rights, letting applications create SAS tokens or connection strings scoped to the messaging entity they are allowed to use.
Service Bus
fundamentals
6 commands
Aliases: Service Bus SAS policy, Service Bus shared access policy, Service Bus authorization policy, SAS authorization rule
Quick peek
Open full term page
Identity
premium
Service principal
A service principal is the local Microsoft Entra identity for an application or automation instance in a tenant. It represents the app for sign-in, consent, and authorization, and it can receive Azure RBAC roles or API permissions without using a human user account.
Azure identity
fundamentals
6 commands
Aliases: Microsoft Entra service principal, Service principal, application service principal, automation identity, service principal, service-principal
Quick peek
Open full term page
Analytics
premium
Synapse SQL administrator
A Synapse SQL administrator is the Synapse RBAC role focused on serverless SQL access and SQL artifacts. It grants broad serverless SQL pool permissions plus create, read, update, and delete access to published SQL scripts, credentials, and linked services within a workspace.
Synapse Analytics
intermediate
6 commands
Aliases: Synapse SQL Administrator, Synapse SQL admin, SQL administrator in Synapse, Synapse SQL admin role
Quick peek
Open full term page
Identity
premium
Access package
An access package bundles resources someone may need for a job or project. Instead of asking separately for groups, apps, or sites, a user requests the package, and Entra applies approval, duration, review, and removal rules.
Identity operations
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Access review
An access review is a governance check asking, “Should this access still exist?” It lets owners, managers, users, or admins review access to groups, apps, access packages, and privileged roles, then keep or remove access based on decisions and recommendations.
Governance
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Account SAS
An account SAS is a powerful storage access token signed with the account key. It can grant limited access across multiple storage services, but because it is key-based and hard to audit, keep permissions narrow and expiry short.
Blob Storage
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Containers
premium
ACR admin user
The ACR admin user is the quick username-and-password login for a registry. It can be convenient for tests, but it weakens accountability because it is shared. For production, prefer Entra identities, managed identities, tokens, or scoped access patterns.
Azure Container Registry
intermediate
5 commands
Aliases: ACR
Quick peek
Open full term page
Containers
premium
ACR scope map
An ACR scope map is a reusable set of repository permissions in Azure Container Registry. It groups actions such as content read, content write, delete, and metadata access, then applies that permission boundary to one or more non-Microsoft Entra registry tokens.
Azure Container Registry
intermediate
5 commands
Aliases: Azure Container Registry scope map, repository scope map, registry token scope map
Quick peek
Open full term page
Containers
premium
AKS managed identity
An AKS managed identity is a Microsoft Entra identity that an AKS cluster uses to manage Azure resources without stored service principal secrets.
AKS identity
Intermediate
5 commands
Aliases: Azure Kubernetes Service managed identity, aks managed identity
Quick peek
Open full term page
Identity
premium
App registration
An app registration is the identity profile for an application, not the application code itself. It tells Microsoft Entra ID how the app is allowed to sign in users or request tokens. It contains values developers copy into configuration, such as client ID, tenant, redirect URI, credentials, and permissions. When sign-in breaks, consent fails, or tokens contain the wrong audience, the app registration is often where engineers look first. It is the contract between the app, Entra ID, administrators, and downstream APIs.
Applications
fundamentals
5 commands
Aliases: Microsoft Entra app registration, application registration
Quick peek
Open full term page
Web
premium
App Service authentication provider
An identity provider configured in App Service Authentication, such as Microsoft Entra ID, that handles user sign-in for the app. It helps learners understand where the concept appears in Azure operations and what to verify before changing it.
App Service
intermediate
5 commands
Aliases: app service authentication provider, authentication provider
Quick peek
Open full term page
Analytics
premium
Azure Databricks Unity Catalog
A unified governance layer in Azure Databricks for data and AI assets, including catalogs, schemas, tables, volumes, models, privileges, and lineage.
Data governance
intermediate
5 commands
Aliases: Unity Catalog
Quick peek
Open full term page
DevOps
premium
Azure DevOps organization
The top-level Azure DevOps Services container that connects related projects, users, repositories, pipelines, artifacts, permissions, and organization settings.
Azure DevOps
fundamentals
5 commands
Aliases: Azure DevOps org
Quick peek
Open full term page
AI and Machine Learning
premium
Azure OpenAI managed identity
Azure OpenAI managed identity uses Microsoft Entra identities so Azure workloads can call model endpoints without stored keys.
Azure OpenAI
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Azure tenant
An Azure tenant is the Microsoft Entra directory that provides identity and access management for users, groups, applications, service principals, devices, and Azure resources associated with an organization.
Azure identity
fundamentals
5 commands
Aliases: tenant, Microsoft Entra tenant, tenant ID
Quick peek
Open full term page
Identity
premium
B2B collaboration
Microsoft Entra B2B collaboration lets organizations invite external users and business partners to access applications and resources while keeping control of corporate data and access policies.
External identities
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Integration
premium
Event Hubs authorization rule
An Event Hubs authorization rule is a named shared access signature policy on a namespace or event hub that grants listen, send, or manage rights through cryptographic keys. Teams use it to control SAS-based producer, consumer, or management access when an application cannot use Microsoft Entra role-based access directly. It is not a Microsoft Entra role assignment, a managed identity, a firewall rule, or a proof that a generated token is safe forever. In production, confirm the namespace, event hub, partitions, capacity, identity, network path, consumer group, checkpoint behavior, monitoring, and owner before treating the stream as safe.
Event Hubs
intermediate
5 commands
Aliases: Event Hub authorization rule, Event Hubs SAS authorization rule, Shared access policy for Event Hubs
Quick peek
Open full term page
Integration
premium
Event Hubs SAS policy
An Event Hubs SAS policy is an authorization rule with shared keys and permissions that can produce SAS tokens or connection strings for Event Hubs access. Teams use it to grant time-bound or key-based Event Hubs access when Microsoft Entra ID is not practical for a producer or consumer. It is not a managed identity, RBAC assignment, Key Vault secret by itself, or a safe replacement for least-privilege access review. In production, confirm the namespace, event hub, partitions, identity, network path, consumer groups, checkpoints, metrics, owner, and rollback plan before treating the stream design as healthy.
Event Hubs
intermediate
5 commands
Aliases: shared access signature policy, SAS authorization rule, Event Hubs access policy
Quick peek
Open full term page
Storage
premium
Kerberos authentication for Azure Files
Kerberos authentication for Azure Files is the identity-based SMB authentication option that lets Azure file shares use Kerberos with a supported directory identity source instead of only storage keys or SAS.
Azure Files
advanced
5 commands
Aliases: Azure Files Kerberos, Microsoft Entra Kerberos for Azure Files, identity-based authentication for Azure Files, SMB Kerberos Azure Files
Quick peek
Open full term page
Containers
premium
kubeconfig
kubeconfig is the client configuration that tells kubectl and related tools which Kubernetes cluster, user credential, context, and namespace to use. Microsoft Learn describes AKS access through credentials retrieved with az aks get-credentials, where context selection determines which cluster receives operational commands.
AKS access and administration
Intermediate
5 commands
Aliases: Kubernetes config file, AKS kubeconfig, kubectl configuration, cluster credentials
Quick peek
Open full term page
Identity
premium
Object ID
An Object ID is the unique ID for a specific thing inside Microsoft Entra ID. That thing might be a user, group, service principal, managed identity, or enterprise application object. It is not the friendly display name, and it is not always the same as an application client ID. In Azure operations, the Object ID is the value people often need when assigning RBAC roles, checking ownership, troubleshooting identity, or proving exactly which principal was granted access.
Microsoft Entra
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Management and Governance
premium
Root management group
The root management group is the top of the Azure governance tree for a tenant. Because everything sits beneath it, policies or access assigned there can have very wide impact. Treat root-scope changes as enterprise-level decisions.
Management groups
intermediate
5 commands
Aliases: tenant root group
Quick peek
Open full term page
Integration
premium
Service Bus managed identity
Service Bus managed identity means using Microsoft Entra managed identities so Azure-hosted applications can access Service Bus without stored credentials. Applications receive RBAC roles such as Data Sender or Data Receiver, while Service Bus namespace identities may also be assigned for service-managed scenarios such as encryption configuration.
Service Bus
fundamentals
5 commands
Aliases: Service Bus identity-based access, Service Bus Entra authentication, managed identity for Service Bus, Service Bus secretless authentication, Service Bus RBAC identity
Quick peek
Open full term page
Virtual Desktop Infrastructure
premium
Session host
A session host is a virtual machine registered with an Azure Virtual Desktop host pool to run user desktops or RemoteApp sessions. It carries the operating system, installed applications, agent registration, domain or Microsoft Entra join state, and capacity that users actually consume.
Virtual desktops
fundamentals
5 commands
Aliases: Session host, session-host, session host, Session-host
Quick peek
Open full term page
Identity
premium
Active assignment
An active assignment is privileged access that is usable immediately for its assignment period without requiring activation. In Microsoft Entra Privileged Identity Management, active assignments differ from eligible assignments, which require an activation step such as MFA, justification, or approval before privileges can be used.
Privileged access
intermediate
4 commands
Aliases: PIM active assignment, active role assignment, standing privileged assignment
Quick peek
Open full term page
Identity
premium
Admin consent
Admin consent is a Microsoft Entra approval that grants an application requested permissions, often tenant-wide, to access protected resources. In everyday Azure work, teams use it to approve SaaS apps, internal applications, or multi-tenant integrations that need permissions users cannot safely grant themselves. The useful evidence is application ID, service principal, requested scopes or app
Microsoft Entra ID
intermediate
4 commands
Aliases: tenant-wide admin consent, application permission consent, Entra admin consent
Quick peek
Open full term page
Identity
premium
App role
An app role is an application-defined permission or responsibility, such as Reader, Approver, or Orders.Write. The resource application defines the role, and users, groups, or client applications can be assigned to it. When the user or application gets a token, the role can appear as a claim for.
Identity operations
fundamentals
4 commands
Aliases: application role, Microsoft Entra app role
Quick peek
Open full term page
Identity
premium
App role assignment
An app role assignment is the actual grant that connects a principal to an app role. The principal might be a user, group, or service principal, and the role is defined by the resource application. Without an assignment, the role exists but nobody receives it. With an assignment, tokens or.
Identity operations
intermediate
4 commands
Aliases: application role assignment, Microsoft Entra app role assignment
Quick peek
Open full term page
Identity
premium
Application permission
An application permission is an app-only permission, also exposed as an app role, that lets a client application access a resource without a signed-in user after consent is granted.
Identity operations
fundamentals
4 commands
Aliases: application permission
Quick peek
Open full term page
Storage
premium
AzCopy
AzCopy is the Microsoft command-line utility used to move data into, out of, and between Azure Storage services such as blobs and file shares. In Azure, teams encounter it when storage teams migrate data, seed analytics lakes, copy backups, or synchronize large folders without writing a custom transfer program. The useful question is what behavior
Blob Storage
fundamentals
4 commands
Aliases: AzCopy v10, Azure Storage AzCopy, azcopy copy, azcopy sync
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search