Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 1,980 matching terms. Narrow the search to reduce the list.
Security
premium
Key
Key controls how protected workloads use cryptographic material for encryption, signing, key wrapping, customer-managed keys, and regulated data protection. Teams see it in key vault keys, managed hsm keys. It is not a password, secret value, certificate, storage account key, shared access signature, or application configuration setting; confusing them can create failed encryption operations, accidental key deletion. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Secrets and cryptography
Fundamentals
5 commands
Aliases: Azure Key Vault key, cryptographic key, key object, encryption key
Quick peek
Open full term page
Integration
verified
Receive and delete
Receive and delete is an Azure Service Bus receive mode where the broker considers a message settled as soon as it sends the message to the receiver. If transfer or processing fails afterward, the message is lost instead of being redelivered.
Azure Service Bus
intermediate
5 commands
Aliases: ReceiveAndDelete, receive-and-delete mode, destructive read, at-most-once receive
Quick peek
Open full term page
Integration
verified
Receive-and-delete mode
A integration pattern or service capability in Messaging that helps teams connect services reliably without tightly coupling every component with clearer ownership, safety, and operational context.
Messaging
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse workspace managed identity
A Synapse workspace managed identity is the workspace's own identity in Microsoft Entra ID. Instead of saving passwords, keys, or connection strings inside pipelines and notebooks, Synapse can use this identity to ask for tokens and reach trusted Azure resources. It is commonly used for Data Lake Storage, Key Vault, SQL, and linked service...
Synapse Analytics
intermediate
8 commands
Aliases: Synapse managed service identity, Synapse MSI, workspace system-assigned identity, Synapse workspace identity
Quick peek
Open full term page
Analytics
learning-path-anchor
Databricks secret scope
A named Databricks collection of secrets used to store credentials and grant controlled read or manage access to workloads.
Databricks
fundamentals
4 commands
Aliases: Databricks secrets scope, secret scope, Azure Databricks secrets
Quick peek
Open full term page
Storage
learning-path-anchor
Data Lake storage account
A storage feature or access model in Data Lake Storage Gen2 that helps teams store, protect, move, and govern application or analytics data with clearer ownership, safety, and operational context.
Data Lake Storage Gen2
advanced
19 commands
Aliases: No aliases yet
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse Spark pool
A Synapse Spark pool is the workspace compute definition Azure Synapse uses to start Apache Spark sessions. It records node size, node count, autoscale behavior, runtime version, packages, and idle timeout so notebooks, Spark jobs, and pipelines get repeatable distributed processing.
Synapse Analytics
fundamentals
8 commands
Aliases: Apache Spark pool, Spark pool, Synapse Apache Spark pool, serverless Spark pool
Quick peek
Open full term page
Analytics
premium
Databricks access connector
A first-party Azure resource that gives Azure Databricks a managed identity for Unity Catalog storage credentials and other governed service access.
Azure Databricks
intermediate
6 commands
Aliases: Access Connector for Azure Databricks, Azure Databricks access connector, Databricks managed identity connector
Quick peek
Open full term page
Identity
premium
Federated credential
A Federated credential is a Microsoft Entra trust configuration that allows a workload to exchange a token from an external identity provider for an Entra access token without using a stored secret. Teams use it to let approved external workloads such as pipelines, automation systems, or Kubernetes workloads authenticate to Azure using signed tokens instead of long-lived client secrets. It is not a user password, general RBAC grant, certificate, managed identity by itself, or permission to access Azure resources without matching issuer, subject, audience, and role assignment controls.
Workload identity
intermediate
6 commands
Aliases: workload federated credential, OIDC credential, external identity federation credential, federated trust credential
Quick peek
Open full term page
DevOps
premium
Service connection
Service connection is an Azure DevOps project resource that stores how a pipeline authenticates to Azure or another external service. In Azure Resource Manager connections, it can use workload identity federation, a managed identity, or a service principal so pipeline tasks can deploy safely.
CI/CD
fundamentals
6 commands
Aliases: Azure DevOps service connection, service endpoint, Azure Pipelines service connection, Azure RM service connection
Quick peek
Open full term page
Identity
premium
Service principal
A service principal is the local Microsoft Entra identity for an application or automation instance in a tenant. It represents the app for sign-in, consent, and authorization, and it can receive Azure RBAC roles or API permissions without using a human user account.
Azure identity
fundamentals
6 commands
Aliases: Microsoft Entra service principal, Service principal, application service principal, automation identity, service principal, service-principal
Quick peek
Open full term page
Storage
premium
Account SAS
An account SAS is a powerful storage access token signed with the account key. It can grant limited access across multiple storage services, but because it is key-based and hard to audit, keep permissions narrow and expiry short.
Blob Storage
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Containers
premium
ACR admin user
The ACR admin user is the quick username-and-password login for a registry. It can be convenient for tests, but it weakens accountability because it is shared. For production, prefer Entra identities, managed identities, tokens, or scoped access patterns.
Azure Container Registry
intermediate
5 commands
Aliases: ACR
Quick peek
Open full term page
Containers
premium
AKS managed identity
An AKS managed identity is a Microsoft Entra identity that an AKS cluster uses to manage Azure resources without stored service principal secrets.
AKS identity
Intermediate
5 commands
Aliases: Azure Kubernetes Service managed identity, aks managed identity
Quick peek
Open full term page
Identity
premium
App registration
An app registration is the identity profile for an application, not the application code itself. It tells Microsoft Entra ID how the app is allowed to sign in users or request tokens. It contains values developers copy into configuration, such as client ID, tenant, redirect URI, credentials, and permissions. When sign-in breaks, consent fails, or tokens contain the wrong audience, the app registration is often where engineers look first. It is the contract between the app, Entra ID, administrators, and downstream APIs.
Applications
fundamentals
5 commands
Aliases: Microsoft Entra app registration, application registration
Quick peek
Open full term page
Web
premium
App Service logs
Microsoft Learn explains App Service diagnostic logging as settings that collect application logs, web server logs, detailed errors, failed request traces, container logs, and platform resource logs for App Service apps. These logs can be streamed, stored temporarily, written to storage, or routed through Azure Monitor.
App Service diagnostics
intermediate
5 commands
Aliases: Azure App Service logs, app service logs
Quick peek
Open full term page
Containers
premium
Container Apps
A serverless Azure service for running containerized apps and jobs without directly operating Kubernetes clusters.
Serverless containers
fundamentals
5 commands
Aliases: Azure Container Apps
Quick peek
Open full term page
Containers
premium
Container Apps environment variable
An environment variable passed into a Container Apps container.
Azure Container Apps
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Integration
premium
Event Grid managed identity delivery
Event Grid managed identity delivery is the pattern where Event Grid uses a managed identity on a topic, domain, or system topic to authenticate event delivery to supported destinations. In Azure, it shows up when teams want to deliver events to Azure destinations without storing destination keys or embedding secrets in event subscription configuration. Teams use it to review system-assigned or user-assigned identity, Event Grid topic or domain identity settings, destination RBAC role assignments, delivery identity settings, dead-letter identity settings, and monitoring before changing production behavior.
Event routing
advanced
5 commands
Aliases: Event Grid managed identity event delivery, managed identity delivery for Event Grid
Quick peek
Open full term page
Containers
premium
Image pull secret
Image pull secret is a Kubernetes secret that stores registry credentials so pods can pull private container images at deployment time.
Azure Container Registry
intermediate
5 commands
Aliases: Image pull secret, image pull secret, image-pull-secret
Quick peek
Open full term page
Security
premium
Key Vault
Azure Key Vault is a cloud service for storing and controlling access to secrets, keys, and certificates. It helps applications, administrators, and automation protect sensitive values with encryption, access control, logging, purge protection, private networking, and managed integration across Azure workloads.
Secrets and keys
Fundamentals
5 commands
Aliases: Key Vault, Azure Key Vault, vault, secrets store, certificate vault, secure secrets store, key vault resource
Quick peek
Open full term page
Security
premium
Key Vault access policy
Key Vault access policy controls which identities can read, write, list, delete, recover, sign, unwrap, or manage Key Vault objects when the vault uses policy-based access. Teams see it in key vault access policies blade, secret permissions. It is not Azure RBAC for Key Vault, a network firewall rule, a secret value, a certificate policy, or an application setting; confusing them can create overprivileged identities, broken secret retrieval. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Secrets and keys
Intermediate
5 commands
Aliases: access policy, vault access policy, Key Vault policy permissions, data-plane access policy
Quick peek
Open full term page
Containers
premium
Kubelet identity
Kubelet identity controls how AKS nodes authenticate to Azure resources for node-level tasks, especially pulling container images from registries without embedded secrets. Teams see it in aks identity profile, node pools. It is not cluster control-plane identity, workload identity, pod managed identity, service account token, kubeconfig credential, or container registry admin user; confusing them can create image pull failures, overbroad registry access. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
AKS identity
Intermediate
5 commands
Aliases: AKS kubelet identity, node pool kubelet identity, AKS node managed identity, identityProfile kubeletidentity
Quick peek
Open full term page
Web
premium
local.settings.json
Microsoft Learn describes local.settings.json as the Azure Functions local settings file that stores app settings and tool settings for local development. Values in this file are used only locally and must be added separately to the function app in Azure.
Azure Functions
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
DevOps
premium
Pipeline in Azure DevOps
A pipeline in Azure DevOps is an automated build, test, and deployment workflow. Microsoft Learn describes Azure Pipelines as CI/CD for many languages, platforms, and targets, with YAML or classic definitions that connect source changes to repeatable delivery stages.
CI/CD
fundamentals
5 commands
Aliases: Azure Pipelines, ADO pipeline, Azure DevOps CI/CD pipeline, YAML pipeline, Azure Pipeline, DevOps pipeline
Quick peek
Open full term page
Security
premium
Secret
A secret is sensitive data that Azure Key Vault stores and controls, such as a password, API key, token, or connection string. Secrets have names, values, versions, metadata, and access controls, and Key Vault encrypts them at rest through audited operations.
Secrets and keys
fundamentals
5 commands
Aliases: Azure secret, Key Vault secret, secret value, application secret, stored credential
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse SQL CETAS
Synapse SQL CETAS means CREATE EXTERNAL TABLE AS SELECT. It creates external table metadata and exports the result of a T-SQL SELECT statement in parallel to files in Azure Storage or Azure Data Lake Storage Gen2 for later SQL or lake consumption.
Synapse Analytics
fundamentals
6 commands
Aliases: CREATE EXTERNAL TABLE AS SELECT, CETAS, Synapse CETAS, serverless SQL CETAS
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse SQL external table
A Synapse SQL external table is database metadata that lets Synapse SQL query files stored outside the database, usually in Azure Storage or ADLS Gen2. It references an external data source, file format, and file location for governed SQL analytics.
Synapse Analytics
fundamentals
6 commands
Aliases: external table in Synapse, Synapse external table, SQL external table, external table over lake files
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse SQL on-demand
Synapse SQL on-demand is the serverless SQL pool model in Azure Synapse Analytics. It lets teams run T-SQL queries over data in the lake without provisioning dedicated warehouse capacity, storing only metadata objects while using external data sources, views, functions, and security objects.
Synapse Analytics
fundamentals
6 commands
Aliases: SQL on-demand, Synapse serverless SQL, serverless SQL in Synapse, built-in serverless SQL pool
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse Studio
Synapse Studio is the browser-based workspace experience for Azure Synapse Analytics. It exposes hubs for data, development, integration, monitoring, and management, letting users author notebooks and SQL scripts, build pipelines, configure connections, review access, and work with Git-backed or live artifacts.
Synapse Analytics
fundamentals
6 commands
Aliases: Azure Synapse Studio, Synapse web workspace, Synapse workspace UI, Synapse authoring experience
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse workspace firewall
A Synapse workspace firewall is the IP allowlist around a Synapse workspace when it accepts public network traffic. It decides which client IPv4 ranges can attempt to connect before identity permissions are evaluated. It does not grant access by itself; a user or service still needs the right Azure, Synapse, or SQL permissions. It...
Synapse Analytics
intermediate
6 commands
Aliases: Synapse IP firewall rule, workspace firewall rule, Synapse workspace IP allowlist, Synapse public endpoint firewall
Quick peek
Open full term page
Storage
learning-path-anchor
Sync group
A sync group is the container that tells Azure File Sync which cloud file share and which Windows Server folders should stay synchronized. Think of it as one file namespace with a hub in Azure and one or more on-premises or edge locations attached to it. If two groups represent different shares or business...
Files, queues, and tables
fundamentals
6 commands
Aliases: Azure File Sync group, file sync group, sync topology, storage sync group
Quick peek
Open full term page
Identity
premium
Client secret
A client secret is a password-style credential added to an app registration so a confidential application can authenticate to Microsoft Entra ID. Microsoft Learn recommends managing credentials carefully and also supports certificates and federated credentials for stronger automation patterns and rotation.
Applications
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Containers
premium
Container Apps job
A Container Apps resource for running scheduled, event-driven, or manual containerized tasks to completion.
Azure Container Apps
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Web
premium
Function app managed identity
Function app managed identity is a Microsoft Entra identity assigned to a function app so its code and supported bindings can access Azure resources without storing passwords or connection strings. Teams use it to replace secrets in app settings with identity-based access to services such as Storage, Service Bus, Key Vault, Event Hubs, SQL, or monitoring resources. In daily Azure work, it shows up when engineers grant a function app data-plane permissions, remove leaked connection strings, configure identity-based bindings, or investigate why a trigger cannot reach its dependency.
Azure Functions
intermediate
4 commands
Aliases: Azure Functions managed identity, managed identity for Functions, function app identity
Quick peek
Open full term page
Compute
premium
Host key
Host key is an Azure Functions access key scoped to the function app host that can authorize requests to multiple HTTP-triggered functions.
Azure Functions
beginner
4 commands
Aliases: Azure Functions host key, function app host key, Host key, host-key
Quick peek
Open full term page
Integration
premium
Logic Apps managed identity
A Logic Apps managed identity is the Microsoft Entra identity assigned to a Logic Apps workflow or Standard logic app resource so the workflow can authenticate to supported Azure resources without storing passwords, shared keys, or long-lived secrets in governed production environments.
Azure Logic Apps
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Integration
premium
Service Bus SAS policy
A Service Bus SAS policy is a shared access authorization rule on a namespace, queue, or topic. It defines rights such as Send, Listen, or Manage and provides keys used to create shared access signature tokens or connection strings. for controlled access.
Service Bus
fundamentals
4 commands
Aliases: Azure Service Bus SAS policy, Service Bus shared access policy, Service Bus authorization rule
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse SQL script
A Synapse SQL script is a saved T-SQL authoring artifact in Synapse Studio. Users create or import scripts in the Develop hub, connect them to a dedicated or serverless SQL pool, run queries, review tabular results, export output, and organize scripts into folders.
Synapse Analytics
fundamentals
5 commands
Aliases: SQL script in Synapse, Synapse Studio SQL script, T-SQL script artifact, Synapse query script
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse workload group
A Synapse workload group is a dedicated SQL pool workload management object that reserves, caps, and grants resources for classified requests. It uses settings such as MIN_PERCENTAGE_RESOURCE, CAP_PERCENTAGE_RESOURCE, and request resource grant percentages to shape isolation, containment, concurrency, and execution behavior.
Synapse Analytics
fundamentals
5 commands
Aliases: workload group in Synapse, dedicated SQL pool workload group, CREATE WORKLOAD GROUP, Synapse workload isolation group
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse workspace repository
A Synapse workspace repository is where a Synapse workspace saves its authoring artifacts when Git integration is enabled. Instead of every notebook, pipeline, SQL script, linked service, or dataset living only in the live workspace, the team works through branches, commits, pull requests, and a publish branch. That gives data engineers a familiar code-review...
Synapse Analytics
fundamentals
5 commands
Aliases: Synapse Git repository, Synapse source control, Synapse code repository, workspace Git integration
Quick peek
Open full term page
AI and Machine Learning
learning-path-anchor
Synonym map
A synonym map helps Azure AI Search understand that different words can mean the same thing for search. Users may type laptop, notebook, ultrabook, or a product nickname, while the indexed document uses only one of those terms. The synonym map teaches the search service to expand or rewrite the query so relevant documents...
Azure AI Search
intermediate
5 commands
Aliases: AI Search synonym map, search synonyms, synonymMaps, equivalent terms map
Quick peek
Open full term page
Databases
learning-path-anchor
Synthetic partition key
A synthetic partition key is a partition key value you create because no single natural field distributes Cosmos DB data well enough. For example, tenantId alone may create one huge tenant partition, while date alone may concentrate today's traffic. A synthetic key might combine tenant, region, and date bucket into one stored value that...
Cosmos DB
intermediate
5 commands
Aliases: generated partition key, composite partition key value, calculated partition key, synthetic key
Quick peek
Open full term page
AI and Machine Learning
learning-path-anchor
System message
A system message is the instruction layer that tells an Azure OpenAI chat model how it should behave before it answers the user's request. It can define the assistant's role, tone, allowed sources, formatting rules, safety boundaries, and refusal behavior. It is stronger than an ordinary user message, but it is not magic and...
Azure OpenAI
fundamentals
5 commands
Aliases: system prompt, metaprompt, developer instruction, assistant instruction
Quick peek
Open full term page
Storage
learning-path-anchor
Table service endpoint
A Table service endpoint is the address your application uses when it talks to Azure Table Storage. For a normal Azure Storage account, it looks like an account-specific table URL. That address is not just a string in a connection setting; it determines DNS resolution, firewall evaluation, private endpoint routing, TLS, SDK configuration, and what operators test during an outage. If the endpoint is wrong, the table might exist and credentials might be valid, but clients still fail to connect.
Table Storage
intermediate
5 commands
Aliases: Azure Table endpoint, Table Storage endpoint, storage table endpoint, Table data-plane endpoint
Quick peek
Open full term page
Storage
learning-path-anchor
Table Storage
Table Storage is Azure Storage for simple structured NoSQL records. You create tables, store entities, and identify each entity with a PartitionKey and RowKey. It is useful when the data is large, sparse, inexpensive to keep, and usually accessed by known keys. It is not a relational database, search engine, or analytics warehouse. The best fit is operational data that can be denormalized, read directly, updated independently, and kept cheap without requiring joins, stored procedures, or secondary indexes.
Table Storage
fundamentals
5 commands
Aliases: Azure Table Storage, Storage Tables, Azure Storage Tables, Azure Tables storage
Quick peek
Open full term page
Governance
learning-path-anchor
Tag inheritance
Tag inheritance is the controlled reuse of tags from a higher Azure or billing scope. Cost Management can apply higher-scope tags to usage records for reporting, while Azure Policy can copy selected parent tag values onto resources for governance at scale.
Resource tagging
fundamentals
5 commands
Aliases: inherited tags, Azure tag inheritance, billing tag inheritance, policy tag inheritance
Quick peek
Open full term page
Governance
learning-path-anchor
Tag name
A tag name is the label key in an Azure tag. In Environment=Prod, Environment is the tag name and Prod is the value. The name tells people and tools what question the tag answers: who owns this, what cost center pays for it, what environment is it, or what application does it support? Good tag names are short, consistent, boring, and governed. Bad tag names create duplicate categories like CostCenter, cost-center, CostCentre, and BillingCode that fracture reports.
Resource tagging
fundamentals
5 commands
Aliases: tag key, Azure tag key, resource tag name, metadata tag name
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Tag value
A tag value is the answer attached to a tag name. If the tag name is Environment, the value might be Production, Test, or Sandbox. If the name is CostCenter, the value might be a finance code. Values are where governance becomes meaningful, because they separate one owner, workload, data class, or lifecycle state from another. A good value is standardized, approved, and easy to query. A bad value is free-text chaos: prod, production, PROD, live, and critical all trying to mean the same thing.
Tags and naming
fundamentals
5 commands
Aliases: tag values, Azure tag value, resource tag value, tag metadata value
Quick peek
Open full term page
Management and Governance
learning-path-anchor
Tagging strategy
A tagging strategy is the playbook for using tags without making a mess. It answers simple but important questions: which tags are required, who owns the list, which values are allowed, where tags are applied, and what happens when a resource is missing one. Without a strategy, tags become random notes. With a strategy, tags become a dependable system for cost allocation, ownership, lifecycle cleanup, compliance evidence, and operational routing. The best strategies are small enough to follow and strict enough to m
Tags and naming
fundamentals
5 commands
Aliases: Azure tagging strategy, tag governance strategy, tag taxonomy, resource tagging standard
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search