Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 43 matching terms.
Storage
premium
Minimum TLS version for Storage
Minimum TLS version for Storage is a storage account setting that rejects client connections using TLS versions below the configured minimum. Teams should manage it with clear ownership, monitoring, rollback evidence, and production change discipline.
Storage security
intermediate
4 commands
Aliases: TLS minimum for storage, TLS1_2 storage, minimum TLS for Azure Storage, minimumTlsVersion, storage minimum TLS
Quick peek
Open full term page
Web
field-manual-complete
App Service TLS binding
An App Service TLS binding tells App Service which certificate to use for a custom domain. Without it, your app might be reachable by name but still show browser warnings, serve the wrong certificate, or fail HTTPS checks. The binding connects a hostname, a certificate thumbprint, and a binding type such as SNI. For users, it is the difference between a trusted secure site and a launch that looks broken or unsafe. Treat it as launch-blocking configuration.
App Service Security
intermediate
5 commands
Aliases: TLS binding, SSL binding, App Service certificate binding, custom domain HTTPS binding
Quick peek
Open full term page
Databases
field-manual-complete
Redis TLS port
Redis TLS port is the connection path your Redis client uses when traffic must be encrypted. In many Azure Cache for Redis deployments, TLS clients use port 6380 while the old non-TLS port is 6379. Azure Managed Redis uses port 10000 for both TLS and non-TLS modes. The exact port matters because client libraries, firewall rules, private endpoints, health probes, and connection strings must agree. A wrong port can look like a Redis outage even when the cache is healthy.
Azure Managed Redis
intermediate
5 commands
Aliases: Redis SSL port, Redis encrypted port, Azure Redis TLS endpoint, Redis port 6380
Quick peek
Open full term page
Storage
complete
Storage account minimum TLS
Microsoft Learn describes the storage account minimum TLS setting as the required Transport Layer Security version for requests to Azure Storage. Clients using older TLS versions can be rejected, helping teams enforce stronger encrypted transport for Blob, File, Queue, and Table access.
Storage accounts
fundamentals
5 commands
Aliases: minimum TLS for storage, Azure Storage TLS minimum, storage TLS floor, minimum transport security for storage
Quick peek
Open full term page
Storage
complete
Storage account minimum TLS version
Microsoft Learn identifies minimumTlsVersion as the storage account property that sets the lowest Transport Layer Security version accepted by Azure Storage. Operators configure the value through portal, CLI, PowerShell, templates, or policy to block clients using older TLS versions. settings. consistently. consistently.
Storage accounts
advanced
5 commands
Aliases: minimumTlsVersion, storage minimum TLS version, TLS version setting for storage, Azure Storage TLS version
Quick peek
Open full term page
Storage
learning-path-anchor
Table service endpoint
A Table service endpoint is the address your application uses when it talks to Azure Table Storage. For a normal Azure Storage account, it looks like an account-specific table URL. That address is not just a string in a connection setting; it determines DNS resolution, firewall evaluation, private endpoint routing, TLS, SDK configuration, and what operators test during an outage. If the endpoint is wrong, the table might exist and credentials might be valid, but clients still fail to connect.
Table Storage
intermediate
5 commands
Aliases: Azure Table endpoint, Table Storage endpoint, storage table endpoint, Table data-plane endpoint
Quick peek
Open full term page
Databases
premium
PostgreSQL connection string
Application configuration that identifies the PostgreSQL server, database, port, authentication method, and TLS path used by a workload.
Data platform
intermediate
6 commands
Aliases: PostgreSQL connection string, postgresql connection string, connection string, Azure Database for PostgreSQL connection string, FQDN, port 5432, port 6432
Quick peek
Open full term page
Containers
premium
AKS ingress controller
Microsoft Learn explains AKS ingress through Kubernetes ingress resources and controllers that route HTTP or HTTPS traffic to services in a cluster. AKS application routing options can configure ingress controllers, DNS integration, TLS handling, and related networking components for production applications.
AKS networking
intermediate
5 commands
Aliases: AKS ingress, Ingress controller for AKS, Kubernetes ingress controller
Quick peek
Open full term page
Containers
premium
Container Apps custom domain
A custom hostname assigned to a Container App ingress endpoint.
Azure Container Apps
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Containers
premium
Container Apps ingress
The Container Apps setting that controls whether and how HTTP or TCP traffic reaches a container app.
Azure Container Apps
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Networking
premium
Front Door
Azure Front Door is Microsoft’s global edge service for modern web applications. Microsoft Learn describes it as a cloud CDN that provides fast, reliable, and secure access to static and dynamic content through Microsoft’s global edge network worldwide.
Application delivery and API edge
intermediate
5 commands
Aliases: Azure Front Door, AFD, Azure Front Door Standard, Azure Front Door Premium, global edge
Quick peek
Open full term page
Networking
premium
Hybrid Connection
A Hybrid Connection lets an Azure App Service app reach a specific TCP host and port in another network through Azure Relay.
Azure App Service and Azure Relay
fundamentals
5 commands
Aliases: Hybrid Connection, hybrid connection
Quick peek
Open full term page
Storage
premium
Infrastructure encryption for storage
Infrastructure encryption for storage controls how Azure Storage applies optional double encryption to blobs, files, queues, or tables depending on account and scope configuration. Teams see it in storage account creation, encryption blade. It is not blob immutability, soft delete, encryption in transit, customer-managed key rotation, or disabling shared key authorization; confusing them can create storage accounts that cannot meet compliance, rebuild-only remediation. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Azure Storage Security
Intermediate
5 commands
Aliases: storage infrastructure encryption, storage account double encryption, require infrastructure encryption, double encryption for Azure Storage
Quick peek
Open full term page
Networking
premium
Ingress
Ingress controls how users, APIs, partners, and internal services can reach a workload and which network controls protect that entry point. Teams see it in container apps ingress settings, kubernetes ingress controllers. It is not egress, a firewall rule alone, a load balancer backend pool, or an application route inside code; confusing them can create public exposure, unreachable apps. Use the term when reviewing access, monitoring, cost, recovery, or performance. It keeps architects, operators, security reviewers, and support teams focused on the same setting, resource, or behavior.
Application Networking
Fundamentals
5 commands
Aliases: incoming application traffic, inbound app traffic, Container Apps ingress, external ingress, internal ingress
Quick peek
Open full term page
Security
premium
Key Vault
Azure Key Vault is a cloud service for storing and controlling access to secrets, keys, and certificates. It helps applications, administrators, and automation protect sensitive values with encryption, access control, logging, purge protection, private networking, and managed integration across Azure workloads.
Secrets and keys
Fundamentals
5 commands
Aliases: Key Vault, Azure Key Vault, vault, secrets store, certificate vault, secure secrets store, key vault resource
Quick peek
Open full term page
Integration
premium
AMQP 1.0
AMQP 1.0 is the protocol path Service Bus and Event Hubs clients use for reliable Azure messaging, including native AMQP and WebSockets transport choices.
Messaging protocols
Intermediate
4 commands
Aliases: Advanced Message Queuing Protocol 1.0, AMQP, AMQP over WebSockets, AMQP transport
Quick peek
Open full term page
Web
premium
App Service
Azure App Service is a managed HTTP-based platform for hosting web apps, REST APIs, and mobile back ends without managing the underlying servers. It helps learners understand where the concept appears in Azure operations and what to verify before changing it.
App Service
intermediate
4 commands
Aliases: App Service, app service
Quick peek
Open full term page
Networking
premium
Application Gateway
Application Gateway is an Azure web traffic load balancer for HTTP and HTTPS applications. It routes requests by host name, path, listener, rule, backend pool, and health status, and can add TLS termination and Web Application Firewall controls when those features are configured.
Application delivery
fundamentals
4 commands
Aliases: Azure Application Gateway, App Gateway, regional layer 7 load balancer, HTTP application load balancer
Quick peek
Open full term page
Networking
premium
Application Gateway HTTP setting
the Application Gateway backend configuration that controls how the gateway connects to backend servers for HTTP or HTTPS requests.
Application delivery and API edge
intermediate
4 commands
Aliases: Application Gateway HTTP setting, application gateway http setting
Quick peek
Open full term page
Databases
premium
Azure SQL transparent data encryption
Azure SQL Transparent Data Encryption helps protect Azure SQL Database data, log files, and backups at rest by encrypting and decrypting database pages without requiring application changes.
Azure SQL Database
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Web
premium
Custom domain
an organization-controlled DNS name bound to an Azure-hosted endpoint instead of the default service hostname.
Domains and TLS
fundamentals
4 commands
Aliases: custom hostname, custom DNS name, application custom domain
Quick peek
Open full term page
Networking
premium
Load Balancer
Azure Load Balancer distributes TCP and UDP traffic across backend virtual machines, virtual machine scale sets, or IP configurations. It uses frontend IPs, backend pools, health probes, and rules to provide low-latency Layer 4 traffic distribution for public or internal workloads.
Load balancing
fundamentals
4 commands
Aliases: Azure Load Balancer, Standard Load Balancer, internal load balancer, public load balancer, layer 4 load balancer
Quick peek
Open full term page
Web
premium
Managed certificate
A managed certificate in Azure App Service is a platform-created TLS certificate for a supported custom domain. Azure can issue and renew it for basic HTTPS protection, but it has limitations compared with uploaded, Key Vault, or purchased certificates. That context supports safer operational decisions.
TLS
fundamentals
4 commands
Aliases: App Service managed certificate, free managed certificate
Quick peek
Open full term page
Databases
premium
MySQL flexible server parameter
MySQL Flexible Server parameter means a configurable server setting that changes MySQL behavior on Azure Database for MySQL Flexible Server. You see it when teams tune connections, TLS behavior, character sets, memory-related settings, timeouts, logging, or workload-specific database behavior. Think of it as a live behavior control that should be changed from evidence, not copied blindly from a tuning guide. It matters because the setting changes how teams design, secure, operate, and troubleshoot the workload. Before changing it in production, know the owner, dependency, evidence, expected result, and rollback path.
MySQL flexible server
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
MySQL private access
MySQL private access means a MySQL Flexible Server networking model that keeps database connectivity inside a virtual network instead of exposing a public endpoint. You see it when teams host sensitive workloads, enforce network isolation, connect applications through private subnets, or meet compliance expectations. Think of it as private network reachability for the database, not permission to read the data. It matters because the setting changes how teams design, secure, operate, and troubleshoot the workload. Before changing it in production, know the owner, dependency, evidence, expected result, and rollback path.
Azure Database for MySQL
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
MySQL public access
MySQL public access means a MySQL Flexible Server networking model that allows connectivity through a public endpoint controlled by firewall rules. You see it when teams support vendor connections, migration tools, development access, or temporary operations when private connectivity is not available. Think of it as public reachability with strict rules, not open database access. It matters because the setting changes how teams design, secure, operate, and troubleshoot the workload. Before changing it in production, know the owner, dependency, evidence, expected result, and rollback path.
Azure Database for MySQL
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
premium
MySQL server parameter
MySQL server parameter means a configurable MySQL server setting that changes runtime behavior, compatibility, security, logging, or workload tuning. You see it when teams adjust connection limits, SQL behavior, TLS enforcement, timeouts, logging, memory-related settings, or application compatibility. Think of it as a behavior control that needs testing and rollback values. It matters because the setting changes how teams design, secure, operate, and troubleshoot the workload. Before changing it in production, know the owner, dependency, evidence, expected result, and rollback path.
Azure Database for MySQL
fundamentals
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
premium
Azure Storage Discovery
Azure Storage Discovery is a fully managed service that provides enterprise-wide visibility into Azure Blob Storage and Azure Data Lake Storage estates for analysis, optimization, security, and operations.
Storage platform
intermediate
3 commands
Aliases: No aliases yet
Quick peek
Open full term page
Security
premium
Certificate
A certificate is an X.509 object used for TLS, authentication, or cryptographic operations.
Secrets and keys
fundamentals
2 commands
Aliases: No aliases yet
Quick peek
Open full term page
Web
field-manual-complete
App Service custom domain
An App Service custom domain lets people use your real website name instead of the default azurewebsites.net address. You prove that you own the DNS name, point DNS records at the web app, and add the hostname to App Service. The setting is simple on the surface, but production success depends on DNS propagation, ownership verification, TLS certificates, redirects, and whether traffic also passes through Front Door, Traffic Manager, or another edge service. Plan it like a release.
App Service
intermediate
5 commands
Aliases: app service custom domain, custom domain
Quick peek
Open full term page
App Hosting
field-manual-complete
App Service managed certificate
An App Service managed certificate is a free certificate that Azure App Service can issue for an eligible custom domain on a web app or function app.
App Service TLS
Intermediate
5 commands
Aliases: Azure App Service managed certificate, app service managed certificate
Quick peek
Open full term page
Containers
verified
Container Apps certificate
A certificate used for TLS on a Container Apps custom domain.
Azure Container Apps
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
field-manual-complete
Premium storage account
A premium storage account is not just a normal storage account with a fancy name.
Storage accounts
advanced
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Web
field-manual-complete
Private certificate
A private certificate is a certificate your App Service app can use because the private key is available to the platform. Teams bring private certificates when they need to secure a custom domain with their own PFX certificate, use a wildcard certificate, import a certificate from Key Vault, or make the app present a certificate to another system. It is different from a public key certificate and from some managed certificate scenarios. Handle it like a secret: protect the private key, track expiry, and bind the right thumbprint to the right hostname.
App Service
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Containers
strict-validated
AKS service mesh
AKS service mesh is a service-to-service traffic layer for AKS workloads, commonly delivered through the Istio-based add-on for traffic management, mTLS, and telemetry.
AKS networking
Advanced
5 commands
Aliases: Azure Kubernetes Service service mesh, aks service mesh
Quick peek
Open full term page
Web
strict-validated
Basic App Service tier
The Basic App Service tier is a dedicated-compute App Service plan tier intended for lower-scale production, development, or test web apps that need dedicated workers.
App Service plan tiers
fundamentals
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Web
complete
Standard App Service tier
Microsoft Learn describes App Service plan tiers as the compute and feature boundary for apps hosted in Azure App Service. The Standard tier is a production-oriented tier that supports capabilities such as custom domains, TLS, autoscale, deployment slots, and larger dedicated capacity than entry-level tiers.
App Service plans
intermediate
5 commands
Aliases: standard-app-service-tier, Standard App Service tier, App Service Standard tier, Standard App Service plan, S1 App Service plan, S2 App Service plan
Quick peek
Open full term page
Storage
complete
Standard storage account
Microsoft Learn describes a standard general-purpose v2 storage account as the recommended account type for most Azure Storage scenarios. It provides a namespace for blobs, Azure Files, queues, tables, and Data Lake Storage capabilities, with standard redundancy choices such as LRS, ZRS, GRS, RA-GRS, GZRS, and RA-GZRS.
Storage accounts
intermediate
5 commands
Aliases: standard-storage-account, Standard storage account, standard general-purpose v2 storage account, standard GPv2 storage account, Azure Storage standard account, StorageV2 standard account
Quick peek
Open full term page
App platform
complete
Static Web Apps custom domain
Microsoft Learn describes custom domains for Azure Static Web Apps as mappings from your own domain name to a static web app. Configuration includes subdomain or apex-domain options, DNS records for validation and routing, and automatic SSL/TLS certificate creation for the custom domains you add.
Static Web Apps
intermediate
5 commands
Aliases: static-web-apps-custom-domain, Static Web Apps custom domain, Static Web App custom domain, SWA custom domain, custom hostname for Static Web Apps, staticwebapp hostname
Quick peek
Open full term page
Storage
complete
Storage account secure transfer required
Storage account secure transfer required is an account setting that rejects non-secure requests to Azure Storage. When enabled, REST calls must use HTTPS, helping protect authentication material and data in transit from exposure or network interception. It is commonly enabled by default and governed through policy.
Storage accounts
fundamentals
5 commands
Aliases: Storage account secure transfer required, storage account secure transfer required, storage-account-secure-transfer-required, secure transfer required, HTTPS only storage, enableHttpsTrafficOnly
Quick peek
Open full term page
Databases
field-manual-complete
Npgsql
Npgsql is the PostgreSQL driver that .NET applications commonly use to connect to Azure Database for PostgreSQL. The Azure database service hosts and manages the PostgreSQL server; Npgsql is the client-side library that opens connections, sends SQL, reads results, and works with Entity Framework providers. It is not a database server, Azure resource, or firewall rule. It is the bridge between C# code and PostgreSQL behavior, so configuration choices such as connection strings, TLS, pooling, timeouts, and authentication matter.
PostgreSQL connectivity
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
verified
Redis connection resilience
Redis connection resilience is the difference between a brief cache hiccup and a full application outage. Redis clients can lose connections during maintenance, failover, network changes, private endpoint issues, TLS problems, high server load, or application restarts. A resilient application reconnects carefully, retries with limits, avoids flooding Redis, and can fall back to the durable source of truth when needed. The goal is not to pretend Redis never fails; the goal is to make cache failure boring and survivable.
Azure Managed Redis
intermediate
4 commands
Aliases: Redis reconnect resilience, Redis client resilience, Redis timeout strategy
Quick peek
Open full term page
Databases
strict-validated
MySQL firewall rule
MySQL firewall rule means a MySQL Flexible Server network rule that allows selected public IP ranges to reach the server endpoint. You see it when teams permit temporary admin access, vendor connections, migration tools, or controlled public network access to a database. Think of it as a reachability rule, not database authentication or authorization. It matters because the setting changes how teams design, secure, operate, and troubleshoot the workload. Before changing it in production, know the owner, dependency, evidence, expected result, and rollback path.
MySQL Flexible Server networking
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search