Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 664 matching terms. Narrow the search to reduce the list.
Identity
premium
Conditional Access policy
Require phishing-resistant or multifactor authentication for privileged administrators accessing Azure management portals.; Block or challenge risky sign-ins based on sign-in risk, user risk, unfamiliar location, or impo
Privileged access
fundamentals
4 commands
Aliases: Conditional Access policy
Quick peek
Open full term page
Identity
verified
Privileged Role Administrator
Privileged Role Administrator is the role you give to someone who manages other administrators, not ordinary application users.
Privileged access
fundamentals
6 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
field-manual-complete
Privileged Identity Management
Privileged Identity Management, usually called PIM, is the Microsoft Entra feature that keeps powerful access from being permanently active unless someone really needs it.
Access control
fundamentals
5 commands
Aliases: PIM
Quick peek
Open full term page
Analytics
premium
Synapse SQL administrator
A Synapse SQL administrator is the Synapse RBAC role focused on serverless SQL access and SQL artifacts. It grants broad serverless SQL pool permissions plus create, read, update, and delete access to published SQL scripts, credentials, and linked services within a workspace.
Synapse Analytics
intermediate
6 commands
Aliases: Synapse SQL Administrator, Synapse SQL admin, SQL administrator in Synapse, Synapse SQL admin role
Quick peek
Open full term page
Identity
premium
Active assignment
An active assignment is privileged access that is usable immediately for its assignment period without requiring activation. In Microsoft Entra Privileged Identity Management, active assignments differ from eligible assignments, which require an activation step such as MFA, justification, or approval before privileges can be used.
Privileged access
intermediate
4 commands
Aliases: PIM active assignment, active role assignment, standing privileged assignment
Quick peek
Open full term page
Identity
premium
Directory role
A directory role grants permissions to manage Microsoft Entra tenant resources such as users, groups, applications, devices, roles, and security settings.
Privileged access
intermediate
4 commands
Aliases: Microsoft Entra role, administrator role, Entra directory role, tenant administrator role
Quick peek
Open full term page
Identity
premium
Eligible assignment
An eligible assignment grants a user or principal the ability to activate a privileged Microsoft Entra or Azure RBAC role when needed instead of holding it permanently.
Privileged access
intermediate
4 commands
Aliases: PIM eligible assignment, eligible role assignment
Quick peek
Open full term page
Identity
premium
Global Administrator
Global Administrator is the highest-impact Microsoft Entra administrator role most tenants use, with broad authority over directory settings, users, applications, roles, and cross-service administration. Teams use it to perform rare tenant-level administration, recover from access emergencies, manage privileged identity settings, and approve sensitive directory changes. In daily Azure work, it shows up when engineers review privileged role assignments, configure PIM, investigate tenant takeover risk, elevate access for Azure resource recovery, or audit emergency accounts. Review owner, scope, evidence, dependencies, and rollback before production change.
Privileged access
advanced
4 commands
Aliases: Global Admin, Microsoft Entra Global Administrator, tenant global administrator
Quick peek
Open full term page
Identity
premium
Identity Governance
Identity Governance is a Microsoft Entra set of capabilities for managing identity lifecycle, access lifecycle, access reviews, entitlement management, and privileged access.
Identity operations
intermediate
4 commands
Aliases: Entra ID Governance, identity governance, Identity Governance, Microsoft Entra Identity Governance
Quick peek
Open full term page
Identity
premium
Break-glass account
A break-glass account is an emergency access account reserved for tenant recovery when normal administrative sign-in or Conditional Access paths fail.
Privileged access
fundamentals
3 commands
Aliases: emergency access account
Quick peek
Open full term page
Identity
template-specs-upgraded
Role activation
Just-in-time elevation of eligible Microsoft Entra or Azure roles through Privileged Identity Management.
Privileged access
fundamentals
6 commands
Aliases: PIM activation, privileged role activation, eligible role activation, just-in-time role activation, Microsoft Entra role activation
Quick peek
Open full term page
Databases
complete
SQL server administrator
Microsoft Learn explains that when an Azure SQL resource is deployed, a server admin login can be created with administrative rights to the master database and databases on that server. Azure SQL can also use a configured Microsoft Entra administrator for administrative access through Microsoft Entra authentication.
Azure SQL security and identity
intermediate
5 commands
Aliases: Azure SQL server admin, server admin login, SQL administrator login, Microsoft Entra admin for SQL server
Quick peek
Open full term page
Security
field-manual-complete
Least privilege
Least privilege means granting identities only the permissions required to perform their tasks, and no broader access than necessary. Microsoft Learn guidance applies this principle across Azure RBAC, data-plane permissions, privileged access, managed identities, and operational reviews to reduce attack surface and limit blast radius.
Security architecture
fundamentals
2 commands
Aliases: No aliases yet
Quick peek
Open full term page
Identity
premium
Access review
An access review is a governance check asking, “Should this access still exist?” It lets owners, managers, users, or admins review access to groups, apps, access packages, and privileged roles, then keep or remove access based on decisions and recommendations.
Governance
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Security
premium
Just-in-time VM access
Just-in-time VM access is the Microsoft Defender for Cloud control that locks down VM management ports and opens approved inbound access only for a limited time.
Defender for Cloud
intermediate
5 commands
Aliases: JIT VM access, Defender for Cloud JIT, just in time access, JIT network access policy
Quick peek
Open full term page
Analytics
premium
Databricks access connector
A first-party Azure resource that gives Azure Databricks a managed identity for Unity Catalog storage credentials and other governed service access.
Azure Databricks
intermediate
6 commands
Aliases: Access Connector for Azure Databricks, Azure Databricks access connector, Databricks managed identity connector
Quick peek
Open full term page
Identity
premium
Access package
An access package bundles resources someone may need for a job or project. Instead of asking separately for groups, apps, or sites, a user requests the package, and Entra applies approval, duration, review, and removal rules.
Identity operations
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Access tier
An access tier is the storage temperature for blob data. Hot is for frequent access, cool and cold are for less frequent access, and archive is cheapest to store but slowest to retrieve. Choose tiers based on real lifecycle and retrieval needs.
Blob Storage
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Hot access tier
The hot access tier is an Azure Blob Storage tier optimized for data that is actively used and read frequently.
Azure Blob Storage
fundamentals
5 commands
Aliases: Hot access tier, hot access tier
Quick peek
Open full term page
Security
premium
Key Vault access policy
Key Vault access policy controls which identities can read, write, list, delete, recover, sign, unwrap, or manage Key Vault objects when the vault uses policy-based access. Teams see it in key vault access policies blade, secret permissions. It is not Azure RBAC for Key Vault, a network firewall rule, a secret value, a certificate policy, or an application setting; confusing them can create overprivileged identities, broken secret retrieval. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Secrets and keys
Intermediate
5 commands
Aliases: access policy, vault access policy, Key Vault policy permissions, data-plane access policy
Quick peek
Open full term page
Storage
premium
Trusted Microsoft services access
Trusted Microsoft services access is an Azure Storage firewall exception that allows selected Azure services to reach a restricted storage account when their service traffic cannot be represented by virtual network or IP rules. The services still authenticate and must be allowed for supported operations.
Azure Storage
intermediate
5 commands
Aliases: trusted Azure services access, AzureServices bypass, allow trusted Microsoft services, storage trusted services access
Quick peek
Open full term page
Storage
premium
Access ACL
An access ACL is path-level permission in ADLS Gen2. It decides who can read, write, or traverse a file or directory. It works alongside Azure RBAC, so storage access often depends on both role assignments and ACL entries.
Data Lake Storage Gen2
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Access control list inheritance
ACL inheritance in ADLS Gen2 means new files and folders can receive default permissions from a parent directory. It is not a magic fix for existing data; changing a default ACL affects future children unless you also update existing paths.
Azure Storage
intermediate
4 commands
Aliases: ACL inheritance
Quick peek
Open full term page
Identity
premium
Conditional Access
Conditional Access is the rule system that decides what a user, workload, or agent must prove before getting into an application. It is not just an MFA switch. A policy can ask who is signing in, where the request comes from, what device is used, which app is targeted, and whether risk signals look suspicious. Then it can allow access, block it, require stronger authentication, demand a compliant device, or.
Access control
fundamentals
4 commands
Aliases: Conditional Access, Microsoft Entra Conditional Access, conditional-access, Entra Conditional Access
Quick peek
Open full term page
Databases
premium
MySQL private access
MySQL private access means a MySQL Flexible Server networking model that keeps database connectivity inside a virtual network instead of exposing a public endpoint. You see it when teams host sensitive workloads, enforce network isolation, connect applications through private subnets, or meet compliance expectations. Think of it as private network reachability for the database, not permission to read the data. It matters because the setting changes how teams design, secure, operate, and troubleshoot the workload. Before changing it in production, know the owner, dependency, evidence, expected result, and rollback path.
Azure Database for MySQL
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
MySQL public access
MySQL public access means a MySQL Flexible Server networking model that allows connectivity through a public endpoint controlled by firewall rules. You see it when teams support vendor connections, migration tools, development access, or temporary operations when private connectivity is not available. Think of it as public reachability with strict rules, not open database access. It matters because the setting changes how teams design, secure, operate, and troubleshoot the workload. Before changing it in production, know the owner, dependency, evidence, expected result, and rollback path.
Azure Database for MySQL
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Blob access condition
Blob access condition is documented by Microsoft as part of the Blob Storage area in Azure.
Blob Storage
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Blob last access time tracking
Blob last access time tracking is a Blob service setting that records a LastAccessTime property for blobs when supported access operations occur.
Blob Storage
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Blob public access
Blob public access is optional anonymous read access for blobs or containers when the storage account and container configuration allow it.
Blob Storage
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Blob public access level
Blob public access level is the container setting that controls whether anonymous clients can read no data, blobs only, or both container listings and blobs.
Blob Storage
fundamentals
3 commands
Aliases: Blob public access level, public access level, blob public access level
Quick peek
Open full term page
Storage
premium
Cold access tier
A storage feature or access model in Blob Storage that helps teams store, protect, move, and govern application or analytics data with clearer ownership, safety, and operational context.
Blob Storage
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Container access level
the Blob Storage container setting that decides whether anonymous clients can read no data, individual blobs, or container listings and blobs
Storage platform
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Container public access level
the Blob Storage container setting that decides whether anonymous reads are private, blob-only, or container-level
Blob Storage access
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Cool access tier
A storage feature or access model in Blob Storage that helps teams store, protect, move, and govern application or analytics data with clearer ownership, safety, and operational context.
Blob Storage
fundamentals
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Security
premium
Managed identity for data access
Managed identity for data access is the pattern of using a managed identity to let a workload read or write data without embedded secrets. Teams use it when pipelines, applications, jobs, or analytics services need secure access to storage, databases, or other data services. In plain English, it gives operators a named control for least-privilege data access, reduced secret exposure, and cleaner audit trails instead of leaving the decision hidden in a portal setting, script, or deployment file. Treat it as production-ready only when the owner, dependencies, permission boundary, monitoring signal, and rollback evidence are clear.
Data access security
intermediate
3 commands
Aliases: Managed identity for data access, Microsoft Entra ID, Data access security
Quick peek
Open full term page
Storage
premium
Archive access tier
Archive access tier is the low-cost, offline storage tier for blob data that you keep for long retention but do not need to read quickly. It is useful for backups, compliance records, historical exports, and evidence that must remain available eventually, not immediately. The tradeoff is simple: storage is cheaper, but retrieval takes planning.
Blob Storage
intermediate
2 commands
Aliases: Azure Blob archive tier, Archive tier, Blob archive access tier
Quick peek
Open full term page
Storage
verified
Read-access geo-redundant storage
Read-access geo-redundant storage, or RA-GRS, replicates storage account data synchronously within the primary region and asynchronously to a paired secondary region, while exposing a secondary read endpoint. It lets applications read replicated data if the primary region becomes unavailable or secondary-read patterns are intentionally designed.
Storage redundancy
intermediate
10 commands
Aliases: RA-GRS, Standard_RAGRS, read-access GRS, read-access geo redundant storage, secondary read endpoint
Quick peek
Open full term page
Storage
complete
Storage account access key
A storage feature or access model in Storage accounts that helps teams store, protect, move, and govern application or analytics data with clearer ownership, safety, and operational context.
Storage accounts
advanced
10 commands
Aliases: storage access key, account key, shared key, storage key
Quick peek
Open full term page
Databases
verified
Redis access key
A single primary or secondary secret used by Redis clients when key-based authentication is enabled for an Azure Redis cache.
Cache
intermediate
7 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
verified
Redis access keys
The primary and secondary key pair used for key-based authentication to an Azure Redis cache when that mode is enabled.
Cache and in-memory data
fundamentals
7 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
field-manual-complete
Last access time tracking
Last access time tracking for Azure Blob Storage records when a blob was last read or written so lifecycle policies can use access age. Microsoft Learn describes the lastAccessTime condition, daily update behavior, billing considerations, and limitations when moving or deleting data based on recent access.
Storage platform
intermediate
6 commands
Aliases: No aliases yet
Quick peek
Open full term page
Web
field-manual-complete
App Service access restriction
App Service access restriction is the rule list that decides which inbound clients are allowed to reach a web app before the request reaches your code.
App Service networking
intermediate
5 commands
Aliases: access restriction, app service access restriction
Quick peek
Open full term page
Security
field-manual-complete
Least privilege data access
Microsoft Learn describes least privilege as granting users and applications only the data and operations required to do their jobs. In Azure data access, that means scoped roles, managed identities, limited secrets, network controls, and reviewable permissions instead of broad owner-style access.
Data operations
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
field-manual-complete
PostgreSQL private access
PostgreSQL private access means the flexible server is reached through private networking instead of an internet-facing endpoint. The server sits in a delegated subnet in a virtual network, and clients resolve its name through Private DNS. Apps in the same virtual network, peered networks, VPN, or ExpressRoute can connect if routing and security rules allow it. For a learner, the key idea is simple: choose private access when the database should behave like an internal service, not a public database with firewall openings.
PostgreSQL flexible server
intermediate
5 commands
Aliases: PostgreSQL private networking, PostgreSQL VNet integration, Private access for PostgreSQL flexible server, PostgreSQL delegated subnet access
Quick peek
Open full term page
Databases
field-manual-complete
PostgreSQL public access
PostgreSQL public access means the flexible server has a public DNS name that can be reached over the internet, but only IP ranges you allow get a chance to connect. It is not anonymous access; users still need valid PostgreSQL credentials and encrypted connections. This option is useful when clients cannot use a virtual network, VPN, or ExpressRoute path. The important lesson is that public access is a controlled doorway, not a private network. The doorway needs tight firewall rules, ownership, and regular review.
PostgreSQL flexible server
fundamentals
5 commands
Aliases: PostgreSQL public endpoint, PostgreSQL allowed IP addresses, PostgreSQL firewall access, Public access for PostgreSQL flexible server
Quick peek
Open full term page
Networking
verified
Public network access
Whether a resource can be reached over public endpoints.
Networking
advanced
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
verified
Read-access geo-zone-redundant storage
Read-access geo-zone-redundant storage, or RA-GZRS, combines zone redundancy in the primary region, geo-replication to a secondary region, and a secondary read endpoint. It protects against zonal failures while preserving read access to replicated data when the primary region or application path is impaired.
Storage redundancy
intermediate
5 commands
Aliases: RA-GZRS, Standard_RAGZRS, read-access GZRS, read-access geo-zone redundant storage, zone and geo read access
Quick peek
Open full term page
Storage
field-manual-complete
Stored access policy
A stored access policy is a server-side rule attached to a storage container, queue, table, or share that can control service SAS permissions, start time, and expiry. SAS tokens bound to the policy can be changed or revoked by updating the stored policy instead of every token.
Blob Storage
intermediate
5 commands
Aliases: stored access policy for SAS, SAS stored policy, storage access policy, service SAS policy
Quick peek
Open full term page
Storage
complete
Storage account public network access
Public network access is the storage account setting that controls whether requests can reach the account through public Azure Storage endpoints. Teams pair it with firewalls, virtual network rules, trusted-services exceptions, and private endpoints to decide whether only private network paths should be allowed.
Storage accounts
advanced
5 commands
Aliases: public access for storage account, storage public network access, storage public endpoint access, publicNetworkAccess
Quick peek
Open full term page
Storage
field-manual-complete
Blob access tier
Blob access tier controls the storage cost, retrieval cost, and availability behavior for blob data across hot, cool, cold, and archive choices.
Blob Storage
intermediate
4 commands
Aliases: Blob tier, storage access tier, archive tier
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search