Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 1,760 matching terms. Narrow the search to reduce the list.
Identity
premium
Enterprise application
Enterprise application properties in Microsoft Entra ID configure the organization-specific service principal settings for an application, including user assignment, single sign-on, provisioning, and ownership.
Microsoft Entra applications
intermediate
4 commands
Aliases: Entra enterprise application, service principal application, enterprise app
Quick peek
Open full term page
Databases
premium
Microsoft Entra authentication for SQL
Microsoft Entra authentication for SQL is the use of Microsoft Entra identities to authenticate to Azure SQL Database, SQL Managed Instance, or related SQL resources. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Azure SQL identity
intermediate
4 commands
Aliases: Azure SQL Entra authentication, Azure AD authentication for SQL, SQL Entra auth
Quick peek
Open full term page
Identity
premium
Microsoft Entra ID
Microsoft Entra ID is the cloud identity platform that stores tenant identities and provides authentication, authorization, application registration, and access governance for Azure. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Identity platform
fundamentals
4 commands
Aliases: Entra ID, Azure Active Directory, Azure AD, AAD
Quick peek
Open full term page
Databases
complete
SQL Microsoft Entra authentication
Microsoft Learn describes Microsoft Entra authentication for Azure SQL as using identities from Microsoft Entra ID to authenticate to Azure SQL Database, Azure SQL Managed Instance, Synapse SQL, and related SQL platforms. It supports users, groups, applications, and managed identities while database permissions still control authorization.
Azure SQL security and identity
intermediate
5 commands
Aliases: Azure SQL Entra authentication, Microsoft Entra authentication for Azure SQL, Azure AD authentication for SQL, Entra ID SQL authentication
Quick peek
Open full term page
Databases
premium
Azure SQL Microsoft Entra authentication
A database capability or setting in Azure SQL Database that helps teams store, query, scale, secure, and recover application data with clearer ownership, safety, and operational context.
Azure SQL Database
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
Microsoft Entra admin for SQL
Microsoft Entra admin for SQL is the Microsoft Entra identity designated to administer an Azure SQL logical server or SQL Managed Instance through Entra authentication. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Azure SQL identity
intermediate
4 commands
Aliases: Azure SQL Entra admin, Azure AD admin for SQL, SQL Entra administrator
Quick peek
Open full term page
Identity
premium
Microsoft Entra group
Entra group means a Microsoft Entra ID group object used to manage membership, access assignments, application permissions, and governance workflows as a unit. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Directory groups
intermediate
4 commands
Aliases: Entra group, Azure AD group, directory group
Quick peek
Open full term page
Identity
premium
Microsoft 365 group
Microsoft 365 group is a collaboration-backed group object in Microsoft Entra ID used for shared membership across Microsoft 365 resources and some Azure access patterns. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Microsoft Entra ID
fundamentals
4 commands
Aliases: M365 group, Office 365 group, Microsoft 365 collaboration group
Quick peek
Open full term page
AI and Machine Learning
premium
Microsoft Foundry
Microsoft Foundry is the Microsoft AI platform experience used to build, evaluate, deploy, and manage AI applications, models, agents, and related project assets. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
AI platform
intermediate
4 commands
Aliases: Azure AI Foundry, Foundry, AI Foundry
Quick peek
Open full term page
Management and Governance
premium
Microsoft Purview account
Microsoft Purview account is the Azure resource boundary for Microsoft Purview data governance, catalog, scanning, classification, lineage, and policy workflows. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Data governance
intermediate
4 commands
Aliases: Purview account, Microsoft Purview governance account, Azure Purview account
Quick peek
Open full term page
Security
top-250-pre130-priority-upgraded
Microsoft Sentinel
Microsoft Sentinel means Microsoft cloud SIEM and SOAR service for collecting security signals, detecting threats, investigating incidents, and automating response. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
SIEM and SOAR
fundamentals
4 commands
Aliases: Sentinel, Azure Sentinel, Microsoft Sentinel SIEM
Quick peek
Open full term page
Storage
premium
Trusted Microsoft services access
Trusted Microsoft services access is an Azure Storage firewall exception that allows selected Azure services to reach a restricted storage account when their service traffic cannot be represented by virtual network or IP rules. The services still authenticate and must be allowed for supported operations.
Azure Storage
intermediate
5 commands
Aliases: trusted Azure services access, AzureServices bypass, allow trusted Microsoft services, storage trusted services access
Quick peek
Open full term page
Storage
premium
Trusted Microsoft services for storage
Trusted Microsoft services for Azure Storage are specific Azure services that Microsoft documents as eligible for storage firewall exceptions. Depending on the service, access may be based on tenant registration, supported operations, or managed identity authorization combined with Azure RBAC or Data Lake ACLs.
Storage platform
intermediate
5 commands
Aliases: trusted Azure services for Storage, storage trusted services list, Azure Storage trusted services, trusted services storage firewall
Quick peek
Open full term page
Analytics
premium
Microsoft Fabric lakehouse
Microsoft Fabric lakehouse is a Microsoft Fabric data item that stores files and tables in OneLake while exposing lakehouse-style analytics and engineering experiences. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Microsoft Fabric
intermediate
4 commands
Aliases: Fabric lakehouse, lakehouse item, OneLake lakehouse
Quick peek
Open full term page
Storage
premium
Microsoft-managed key for storage
Microsoft-managed key for Storage means the default Azure Storage encryption approach where Microsoft manages the keys that protect stored data at rest. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Storage encryption
advanced
4 commands
Aliases: platform-managed key for storage, PMK for storage, Microsoft managed storage encryption key
Quick peek
Open full term page
Identity
learning-path-anchor
System-assigned managed identity
A system-assigned managed identity lets one Azure resource authenticate without a stored password, client secret, or certificate managed by your app team. You turn it on for a resource such as a web app, function, virtual machine, data factory, or automation account. Azure creates an identity for that resource, and the resource can request...
Managed identities
intermediate
4 commands
Aliases: system assigned identity, resource managed identity, SystemAssigned identity, managed service identity
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse workspace managed identity
A Synapse workspace managed identity is the workspace's own identity in Microsoft Entra ID. Instead of saving passwords, keys, or connection strings inside pipelines and notebooks, Synapse can use this identity to ask for tokens and reach trusted Azure resources. It is commonly used for Data Lake Storage, Key Vault, SQL, and linked service...
Synapse Analytics
intermediate
8 commands
Aliases: Synapse managed service identity, Synapse MSI, workspace system-assigned identity, Synapse workspace identity
Quick peek
Open full term page
Integration
premium
Service Bus authorization rule
Service Bus authorization rule is a shared access policy on a namespace, queue, or topic. It names a key pair and grants Listen, Send, or Manage rights, letting applications create SAS tokens or connection strings scoped to the messaging entity they are allowed to use.
Service Bus
fundamentals
6 commands
Aliases: Service Bus SAS policy, Service Bus shared access policy, Service Bus authorization policy, SAS authorization rule
Quick peek
Open full term page
Identity
premium
Service principal
A service principal is the local Microsoft Entra identity for an application or automation instance in a tenant. It represents the app for sign-in, consent, and authorization, and it can receive Azure RBAC roles or API permissions without using a human user account.
Azure identity
fundamentals
6 commands
Aliases: Microsoft Entra service principal, Service principal, application service principal, automation identity, service principal, service-principal
Quick peek
Open full term page
Identity
premium
Access package
An access package bundles resources someone may need for a job or project. Instead of asking separately for groups, apps, or sites, a user requests the package, and Entra applies approval, duration, review, and removal rules.
Identity operations
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Access review
An access review is a governance check asking, “Should this access still exist?” It lets owners, managers, users, or admins review access to groups, apps, access packages, and privileged roles, then keep or remove access based on decisions and recommendations.
Governance
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
App registration
An app registration is the identity profile for an application, not the application code itself. It tells Microsoft Entra ID how the app is allowed to sign in users or request tokens. It contains values developers copy into configuration, such as client ID, tenant, redirect URI, credentials, and permissions. When sign-in breaks, consent fails, or tokens contain the wrong audience, the app registration is often where engineers look first. It is the contract between the app, Entra ID, administrators, and downstream APIs.
Applications
fundamentals
5 commands
Aliases: Microsoft Entra app registration, application registration
Quick peek
Open full term page
AI and Machine Learning
premium
Azure OpenAI managed identity
Azure OpenAI managed identity uses Microsoft Entra identities so Azure workloads can call model endpoints without stored keys.
Azure OpenAI
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Azure tenant
An Azure tenant is the Microsoft Entra directory that provides identity and access management for users, groups, applications, service principals, devices, and Azure resources associated with an organization.
Azure identity
fundamentals
5 commands
Aliases: tenant, Microsoft Entra tenant, tenant ID
Quick peek
Open full term page
Identity
premium
B2B collaboration
Microsoft Entra B2B collaboration lets organizations invite external users and business partners to access applications and resources while keeping control of corporate data and access policies.
External identities
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Integration
premium
Service Bus managed identity
Service Bus managed identity means using Microsoft Entra managed identities so Azure-hosted applications can access Service Bus without stored credentials. Applications receive RBAC roles such as Data Sender or Data Receiver, while Service Bus namespace identities may also be assigned for service-managed scenarios such as encryption configuration.
Service Bus
fundamentals
5 commands
Aliases: Service Bus identity-based access, Service Bus Entra authentication, managed identity for Service Bus, Service Bus secretless authentication, Service Bus RBAC identity
Quick peek
Open full term page
Virtual Desktop Infrastructure
premium
Session host
A session host is a virtual machine registered with an Azure Virtual Desktop host pool to run user desktops or RemoteApp sessions. It carries the operating system, installed applications, agent registration, domain or Microsoft Entra join state, and capacity that users actually consume.
Virtual desktops
fundamentals
5 commands
Aliases: Session host, session-host, session host, Session-host
Quick peek
Open full term page
Identity
premium
Admin consent
Admin consent is a Microsoft Entra approval that grants an application requested permissions, often tenant-wide, to access protected resources. In everyday Azure work, teams use it to approve SaaS apps, internal applications, or multi-tenant integrations that need permissions users cannot safely grant themselves. The useful evidence is application ID, service principal, requested scopes or app
Microsoft Entra ID
intermediate
4 commands
Aliases: tenant-wide admin consent, application permission consent, Entra admin consent
Quick peek
Open full term page
Identity
premium
App role
An app role is an application-defined permission or responsibility, such as Reader, Approver, or Orders.Write. The resource application defines the role, and users, groups, or client applications can be assigned to it. When the user or application gets a token, the role can appear as a claim for.
Identity operations
fundamentals
4 commands
Aliases: application role, Microsoft Entra app role
Quick peek
Open full term page
Identity
premium
Client ID
A client ID is the application identifier assigned to an app registration by Microsoft Entra ID. Microsoft Learn describes the Application, or client, ID as the value that uniquely identifies an application in the Microsoft identity platform across tenants and clouds.
Applications
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Client secret
A client secret is a password-style credential added to an app registration so a confidential application can authenticate to Microsoft Entra ID. Microsoft Learn recommends managing credentials carefully and also supports certificates and federated credentials for stronger automation patterns and rotation.
Applications
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Directory
A directory is the Microsoft Entra identity container associated with users, groups, applications, service principals, devices, and tenant-level identity configuration.
Tenant identity
fundamentals
4 commands
Aliases: Microsoft Entra directory, tenant directory, identity directory, Azure AD directory
Quick peek
Open full term page
Identity
premium
Directory role
A directory role grants permissions to manage Microsoft Entra tenant resources such as users, groups, applications, devices, roles, and security settings.
Privileged access
intermediate
4 commands
Aliases: Microsoft Entra role, administrator role, Entra directory role, tenant administrator role
Quick peek
Open full term page
Identity
premium
Entitlement management
Entitlement management uses access packages to govern access to groups, applications, SharePoint sites, and other resources for internal and external identities.
Identity Governance
intermediate
4 commands
Aliases: Microsoft Entra entitlement management, Entra entitlement management, access package governance
Quick peek
Open full term page
Identity
premium
Global Administrator
Global Administrator is the highest-impact Microsoft Entra administrator role most tenants use, with broad authority over directory settings, users, applications, roles, and cross-service administration. Teams use it to perform rare tenant-level administration, recover from access emergencies, manage privileged identity settings, and approve sensitive directory changes. In daily Azure work, it shows up when engineers review privileged role assignments, configure PIM, investigate tenant takeover risk, elevate access for Azure resource recovery, or audit emergency accounts. Review owner, scope, evidence, dependencies, and rollback before production change.
Privileged access
advanced
4 commands
Aliases: Global Admin, Microsoft Entra Global Administrator, tenant global administrator
Quick peek
Open full term page
Identity
premium
Multifactor authentication
Multifactor authentication means a Microsoft Entra sign-in control that requires two or more verification factors before access is granted. You see it when teams protect Azure portal access, privileged roles, risky sign-ins, and sensitive applications from password-only compromise. Think of it as stronger proof of user identity during sign-in, not a replacement for least privilege or role review. It matters because the setting changes how teams design, secure, operate, and troubleshoot the workload. Before changing it in production, know the owner, dependency, evidence, expected result, and rollback path.
Access control
fundamentals
4 commands
Aliases: MFA
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Tenant deployment
A tenant deployment is a Resource Manager deployment executed at Microsoft Entra tenant scope.
ARM deployments
intermediate
5 commands
Aliases: Tenant deployment, tenant deployment, Azure Tenant deployment, tenant scope deployment, az deployment tenant, ARM tenant deployment
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Tenant scope
Tenant scope is the highest Azure Resource Manager deployment and governance context tied to a Microsoft Entra tenant.
Management scopes
fundamentals
5 commands
Aliases: Tenant scope, tenant scope, Azure Tenant scope, tenant level scope, ARM tenant scope, targetScope tenant
Quick peek
Open full term page
Identity
premium
Certificate credential
A certificate credential lets an app authenticate with a certificate instead of a shared secret.
Applications
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Managed identity
A managed identity is an automatically managed Microsoft Entra identity assigned to a supported Azure resource. It lets workloads authenticate to services that support Microsoft Entra authentication without storing passwords, certificates, or client secrets in code, configuration, or deployment pipelines.
Microsoft Entra workload identity
intermediate
3 commands
Aliases: Managed identity, system-assigned managed identity, user-assigned managed identity, Azure workload identity, secretless authentication, system-assigned identity, user-assigned identity, Microsoft Entra ID, Microsoft Entra workload identity
Quick peek
Open full term page
Security
premium
Managed identity for data access
Managed identity for data access is the pattern of using a managed identity to let a workload read or write data without embedded secrets. Teams use it when pipelines, applications, jobs, or analytics services need secure access to storage, databases, or other data services. In plain English, it gives operators a named control for least-privilege data access, reduced secret exposure, and cleaner audit trails instead of leaving the decision hidden in a portal setting, script, or deployment file. Treat it as production-ready only when the owner, dependencies, permission boundary, monitoring signal, and rollback evidence are clear.
Data access security
intermediate
3 commands
Aliases: Managed identity for data access, Microsoft Entra ID, Data access security
Quick peek
Open full term page
Databases
premium
Managed instance database
A managed instance database is a database hosted inside Azure SQL Managed Instance with managed platform operations and SQL Server compatibility features. Teams use it when a workload needs managed SQL operations while keeping instance-level features closer to SQL Server. In plain English, it gives operators a named control for database-level ownership, backup evidence, restore planning, and migration clarity within a managed instance instead of leaving the decision hidden in a portal setting, script, or deployment file. Treat it as production-ready only when the owner, dependencies, permission boundary, monitoring signal, and rollback evidence are clear.
Azure SQL Managed Instance
intermediate
3 commands
Aliases: Managed instance database, Azure SQL Managed Instance
Quick peek
Open full term page
Analytics
learning-path-anchor
Databricks model serving
A managed serving endpoint pattern for exposing Databricks models or AI workloads for online inference with operational controls.
Databricks
intermediate
4 commands
Aliases: Databricks Model Serving, serving endpoint, model serving endpoint
Quick peek
Open full term page
Identity
learning-path-anchor
Tenant ID
A tenant ID is the globally unique identifier for a Microsoft Entra tenant.
Microsoft Entra
fundamentals
4 commands
Aliases: Tenant ID, tenant id, Azure Tenant ID, Microsoft Entra tenant ID, directory ID, tenantId
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Tenant root group
The tenant root group is the highest management group scope associated with a Microsoft Entra tenant.
Management groups
fundamentals
4 commands
Aliases: Tenant root group, tenant root group, Azure Tenant root group, root management group, root group
Quick peek
Open full term page
Databases
learning-path-anchor
Cosmos DB dedicated gateway
Azure Cosmos DB dedicated gateway is provisioned server-side compute that fronts an account and enables the integrated cache for supported NoSQL workloads.
Azure Cosmos DB
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
learning-path-anchor
Data Lake storage account
A storage feature or access model in Data Lake Storage Gen2 that helps teams store, protect, move, and govern application or analytics data with clearer ownership, safety, and operational context.
Data Lake Storage Gen2
advanced
19 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
Azure SQL logical server
An Azure SQL logical server is a logical administrative construct for Azure SQL Database and related SQL resources. Microsoft Learn describes it as the central point for managing a collection of databases, including logins, firewall rules, auditing, threat detection policies, and failover groups.
Azure SQL Database
fundamentals
16 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
verified
Workload identity
A workload identity is an identity assigned to software, such as an application, service, script, or container, so it can authenticate to Microsoft Entra protected resources. In Azure, examples include app registrations, service principals, managed identities, and federated workload identities.
Workload identity
fundamentals
6 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
template-specs-upgraded
SAML
Microsoft Learn describes SAML 2.0 as a protocol for authentication requests and responses that Microsoft Entra ID supports for single sign-on. Enterprise applications use SAML settings such as identifier, reply URL, claims, and signing certificates. and centralized policy enforcement. and enterprise SSO troubleshooting.
Authentication
fundamentals
6 commands
Aliases: Security Assertion Markup Language, SAML 2.0, SAML single sign-on, SAML SSO, federated SSO
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search