Glossary
Search Azure terms
Open a clear definition, then continue into exam context, architecture, commands, operational examples, common mistakes, and related concepts.
Search all
Commands
Learning guides
Concept graph
Compare
Search-first Azure knowledge base
Term results
Search for a term or click a category. Results render only after you ask for them, so the glossary does not dump every available term on first load. Each result includes Quick peek and Open full term page actions.
Start with a search or a category.
Try managed identity , resource group , az group , private endpoint , or click Databases to load all database-related terms.
Showing 50 of 1,077 matching terms. Narrow the search to reduce the list.
Networking
premium
Web Application Firewall
Azure Web Application Firewall is a centralized protection service for HTTP applications. It can run with Application Gateway, Front Door, Application Gateway for Containers, or Azure CDN, using managed and custom rules to detect and block common exploits such as SQL injection and cross-site scripting.
Application security
fundamentals
6 commands
Aliases: WAF, Azure WAF, Application Gateway WAF, Front Door WAF
Quick peek
Open full term page
Networking
premium
Application Gateway
Application Gateway is an Azure web traffic load balancer for HTTP and HTTPS applications. It routes requests by host name, path, listener, rule, backend pool, and health status, and can add TLS termination and Web Application Firewall controls when those features are configured.
Application delivery
fundamentals
4 commands
Aliases: Azure Application Gateway, App Gateway, regional layer 7 load balancer, HTTP application load balancer
Quick peek
Open full term page
Security
premium
Application Gateway WAF policy
An Application Gateway WAF policy stores Web Application Firewall configuration for Application Gateway v2. It includes managed rules, custom rules, exclusions, and policy settings, and can be associated globally, with a listener, or with a path-based rule for targeted web request inspection.
Web application firewall
intermediate
4 commands
Aliases: Application Gateway WAF policy, WAF policy for Application Gateway, Azure WAF policy, regional WAF policy
Quick peek
Open full term page
Networking
premium
DDoS Protection
Azure DDoS Protection is a network-layer protection service that helps defend Azure public IP resources against distributed denial-of-service attacks using always-on traffic monitoring, adaptive mitigation, telemetry, and response capabilities.
Network security
intermediate
6 commands
Aliases: Azure DDoS Protection, DDoS Network Protection, DDoS IP Protection, distributed denial of service protection
Quick peek
Open full term page
Networking
premium
Front Door
Azure Front Door is Microsoft’s global edge service for modern web applications. Microsoft Learn describes it as a cloud CDN that provides fast, reliable, and secure access to static and dynamic content through Microsoft’s global edge network worldwide.
Application delivery and API edge
intermediate
5 commands
Aliases: Azure Front Door, AFD, Azure Front Door Standard, Azure Front Door Premium, global edge
Quick peek
Open full term page
Networking
premium
Front Door profile
Front Door profile is the top-level Azure Front Door Standard or Premium resource that groups edge endpoints, routes, origins, domains, rule sets, security associations, and delivery settings. Teams use it to manage a global application entry point without treating each endpoint, route, or origin as a separate product. In daily Azure work, it shows up when engineers review edge architecture, add a new website, tune routing, attach custom domains, configure WAF, or troubleshoot global traffic. It is not the same thing as a single endpoint, DNS name, backend app, CDN cache rule, or web application firewall policy.
Application delivery and API edge
intermediate
5 commands
Aliases: Azure Front Door profile, AFD profile, Front Door Standard/Premium profile
Quick peek
Open full term page
Networking
premium
Front Door endpoint
A Front Door endpoint is a logical grouping of one or more routes associated with domain names in an Azure Front Door profile.
Application delivery and API edge
intermediate
4 commands
Aliases: Azure Front Door endpoint, AFD endpoint, azurefd.net endpoint
Quick peek
Open full term page
Networking
premium
Front Door route
Front Door route is the Azure Front Door configuration that decides which domain and path patterns send user requests to which origin group. Teams use it to connect edge endpoints and custom domains to backend applications while controlling accepted protocols, forwarding behavior, caching, and rule-set association. In daily Azure work, it shows up when engineers add APIs, split static and dynamic paths, migrate origins, route traffic between regions, or investigate why a request reached the wrong backend.
Application delivery and API edge
intermediate
4 commands
Aliases: AFD route, Azure Front Door route, edge route
Quick peek
Open full term page
Networking
premium
Front Door rules engine
Front Door rules engine is the Azure Front Door capability that applies edge rules to matching requests before they are sent to an origin. Teams use it to move selected routing, redirect, rewrite, header, and cache behavior to the edge instead of baking every rule into application code. In daily Azure work, it shows up when engineers tune SEO redirects, add security headers, rewrite paths, vary caching, preserve legacy URLs, or explain unexpected behavior before the origin ever receives traffic.
Application delivery and API edge
advanced
4 commands
Aliases: Front Door rule set, AFD rule set, rules engine
Quick peek
Open full term page
Networking
template-specs-upgraded
Rewrite rule
Application Gateway rule logic for modifying request or response headers and URLs before backend handling.
Application delivery and API edge
intermediate
6 commands
Aliases: Application Gateway rewrite rule, URL rewrite rule, HTTP header rewrite rule, rewrite rule set, App Gateway rewrite
Quick peek
Open full term page
Networking
field-manual-complete
URL path map
A URL path map is an Azure Application Gateway configuration that routes requests to different backend pools based on path patterns in the URL. It connects path rules, backend targets, and HTTP settings so one gateway can serve multiple application paths.
Application Gateway
intermediate
5 commands
Aliases: path-based routing map, Application Gateway path map, URL route map, path rule map
Quick peek
Open full term page
Web
premium
Web App
A Web App is an Azure App Service application for hosting web applications, REST APIs, or mobile back ends without managing servers. It runs on an App Service plan, supports common language stacks or containers, and integrates with deployment, scaling, networking, identity, and monitoring features.
App Service
intermediate
6 commands
Aliases: Azure Web App, App Service Web App, Microsoft.Web/sites, App Service app
Quick peek
Open full term page
Integration
premium
Event Grid webhook endpoint
An Event Grid webhook endpoint is an HTTPS endpoint configured as an event handler that validates ownership and receives Event Grid events over HTTP. Teams use it to send Event Grid events to a custom HTTPS application, API, Azure Function HTTP trigger, automation webhook, or supported workflow endpoint. It is not a storage queue, Event Hubs destination, or an endpoint that can skip Event Grid validation. In production, confirm the source, subscription, destination, filters, schema, identity, retry behavior, failure handling, monitoring, and owner before treating the route as safe.
Event Grid
intermediate
5 commands
Aliases: Event Grid webhook handler, webhook endpoint for Event Grid
Quick peek
Open full term page
Analytics
learning-path-anchor
Synapse workspace firewall
A Synapse workspace firewall is the IP allowlist around a Synapse workspace when it accepts public network traffic. It decides which client IPv4 ranges can attempt to connect before identity permissions are evaluated. It does not grant access by itself; a user or service still needs the right Azure, Synapse, or SQL permissions. It...
Synapse Analytics
intermediate
6 commands
Aliases: Synapse IP firewall rule, workspace firewall rule, Synapse workspace IP allowlist, Synapse public endpoint firewall
Quick peek
Open full term page
Networking
premium
Application Gateway backend pool
the group of backend targets that an Application Gateway can forward matched requests to after a listener and routing rule select them.
Application delivery and API edge
intermediate
4 commands
Aliases: Application Gateway backend pool, application gateway backend pool
Quick peek
Open full term page
Networking
premium
Application Gateway HTTP setting
the Application Gateway backend configuration that controls how the gateway connects to backend servers for HTTP or HTTPS requests.
Application delivery and API edge
intermediate
4 commands
Aliases: Application Gateway HTTP setting, application gateway http setting
Quick peek
Open full term page
Networking
premium
Application Gateway listener
the Application Gateway component that waits for client requests on a frontend IP address, port, protocol, and optional hostname or certificate.
Application delivery and API edge
intermediate
4 commands
Aliases: Application Gateway listener, application gateway listener
Quick peek
Open full term page
Networking
premium
Application Gateway routing rule
the Application Gateway component that connects a listener to a backend pool, backend settings, redirect, or path-based routing decision.
Application delivery and API edge
intermediate
4 commands
Aliases: Application Gateway routing rule, application gateway routing rule
Quick peek
Open full term page
Monitoring
premium
Application Insights
Application Insights is the application performance monitoring capability in Azure Monitor. It collects OpenTelemetry or SDK telemetry such as requests, dependencies, exceptions, traces, metrics, and availability results so teams can continuously understand live application health, performance, failures, and user-impacting behavior.
Application observability
fundamentals
4 commands
Aliases: Azure Application Insights, App Insights, Azure Monitor Application Insights, application performance monitoring, APM
Quick peek
Open full term page
Networking
premium
Azure Firewall
Azure Firewall is a managed, stateful network firewall service for filtering traffic to and from Azure virtual network resources. It helps network security and platform teams centralize traffic control, logging, and threat protection across workloads without deploying self-managed firewall appliances for every landing zone. You see it when hub-spoke networks need egress control, applications require segmentation, regulated workloads need inspection, or teams need consistent firewall policy logging. It still needs ownership, network design, monitoring, and recovery planning. Operators need repeatable evidence for deployment, protection, troubleshooting, and reviews, not screenshots or tribal knowledge.
Network security
intermediate
4 commands
Aliases: Azure network firewall
Quick peek
Open full term page
Databases
premium
Cosmos DB firewall
Azure Cosmos DB firewall controls inbound access to a Cosmos DB account by allowing selected IP addresses, IP ranges, Azure services, or virtual network paths.
Azure Cosmos DB
intermediate
4 commands
Aliases: No aliases yet
Quick peek
Open full term page
Web
premium
Custom container web app
an Azure App Service web app that runs a team-supplied container image instead of a built-in runtime stack.
App Service
intermediate
4 commands
Aliases: App Service custom container, Web App for Containers, containerized App Service app
Quick peek
Open full term page
Networking
premium
Firewall rule
A firewall rule is a gatekeeping setting that decides which network sources can reach a protected Azure service. For Azure SQL, it often means allowing one public IP range to connect to a logical server or a specific database. For storage, MySQL, Cosmos DB, and other services, similar network rules limit where requests can come from. A firewall rule is not user authorization; it only answers whether the network path is allowed. Users or applications still need valid identity, credentials, and permissions after traffic gets through.
Network security
intermediate
4 commands
Aliases: Azure firewall rule, IP firewall rule, server firewall rule, network access rule
Quick peek
Open full term page
Networking
premium
Application security group
An application security group lets you group virtual machine network interfaces so network security group rules can target application roles instead of explicit IP addresses.
Network security
fundamentals
2 commands
Aliases: ASG, application security group
Quick peek
Open full term page
Storage
complete
Storage account firewall rule
A storage feature or access model in Storage accounts that helps teams store, protect, move, and govern application or analytics data with clearer ownership, safety, and operational context.
Storage accounts
advanced
10 commands
Aliases: storage firewall rule, Azure Storage network rule, storage account network ACL, storage firewall
Quick peek
Open full term page
Web
verified
Requests in application queue
Requests In Application Queue is an Azure Monitor metric for Microsoft.Web/sites that reports how many Web App or Function App requests are waiting in the application request queue. It helps diagnose saturation, slow handlers, cold starts, thread exhaustion, or delayed scale-out.
Web App metric
intermediate
6 commands
Aliases: RequestsInApplicationQueue, App Service application queue, HTTP requests in application queue, Web App request queue metric, Function App request queue metric
Quick peek
Open full term page
Web
verified
WebJobs / background work
Azure WebJobs is a built-in App Service feature for running background tasks, scripts, and programs alongside a web, API, or mobile app. Jobs share the App Service plan and can run continuously, on demand, or by schedule, often using the WebJobs SDK for event-driven processing.
App Service
intermediate
6 commands
Aliases: Azure WebJobs, App Service WebJobs, background jobs, continuous WebJob, triggered WebJob
Quick peek
Open full term page
Web
verified
Web app runtime stack
A web app runtime stack is the language and framework environment Azure App Service uses to run an application, such as .NET, Java, Node.js, Python, PHP, or a custom container. It affects supported versions, platform patching, startup behavior, and deployment compatibility.
App Service
intermediate
5 commands
Aliases: App Service runtime stack, web app stack, linuxFxVersion, language runtime stack
Quick peek
Open full term page
Databases
complete
SQL firewall rule
Microsoft Learn describes Azure SQL IP firewall rules as controls that allow client connections from specified IPv4 address ranges to a logical server or database. Server-level rules are managed centrally, database-level rules use Transact-SQL, and both influence whether clients can reach Azure SQL endpoints before authentication is evaluated.
Azure SQL
intermediate
5 commands
Aliases: Azure SQL firewall rule, SQL server firewall rule, server-level IP firewall rule, database-level firewall rule
Quick peek
Open full term page
App platform
complete
Static Web App
Microsoft Learn describes Azure Static Web Apps as a service that automatically deploys full-stack web apps from a source repository. It serves static assets from globally distributed locations, integrates optional APIs, supports GitHub or Azure DevOps workflows, and provides routing, authentication, staging environments, and CLI support.
Static Web Apps
intermediate
5 commands
Aliases: static-web-app, Static Web App, Azure Static Web Apps, SWA, static web app resource, staticwebapp
Quick peek
Open full term page
App platform
complete
Static Web Apps configuration
Microsoft Learn describes Static Web Apps configuration as the staticwebapp.config.json file used to control routing and application behavior. It defines route rules, authorization requirements, response overrides, custom headers, navigation fallback, networking settings, and other global behavior for an Azure Static Web Apps site.
Static Web Apps
advanced
5 commands
Aliases: static-web-apps-configuration, Static Web Apps configuration, staticwebapp.config.json, Static Web Apps config file, SWA configuration, routes configuration
Quick peek
Open full term page
Web
complete
Static Web Apps environment
A production, preview, or named deployment instance for an Azure Static Web Apps application.
Static Web Apps
intermediate
5 commands
Aliases: static-web-apps-environment, Static Web Apps environment, SWA environment, Static Web Apps preview environment, Static Web Apps named environment, Static Web Apps production environment
Quick peek
Open full term page
Web
complete
Static Web Apps route rule
A staticwebapp.config.json rule that controls how a specific Static Web Apps route is authorized, rewritten, redirected, or handled.
Static Web Apps
intermediate
5 commands
Aliases: static-web-apps-route-rule, Static Web Apps route rule, SWA route rule, staticwebapp.config.json route, Static Web Apps routes, route authorization rule
Quick peek
Open full term page
Storage
complete
Storage account static website
Storage account static website is a Blob Storage feature that serves HTML, CSS, JavaScript, and image files from the special $web container through a web endpoint. It supports simple static sites without app servers. The endpoint is commonly fronted by CDN or Azure Front Door.
Storage accounts
fundamentals
5 commands
Aliases: Storage account static website, storage account static website, storage-account-static-website, static website hosting, storage static website, $web container
Quick peek
Open full term page
Web
field-manual-ready
Multi-container web app
A multi-container web app is an App Service workload made from multiple cooperating containers rather than one application image.
Azure App Service
intermediate
4 commands
Aliases: Docker Compose web app, App Service multi-container, multi-container web app, App Service sidecar, Docker Compose App Service
Quick peek
Open full term page
Containers
premium
ACR webhook
An ACR webhook is an Azure Container Registry event notification that sends an HTTP or HTTPS request to a configured endpoint when registry actions occur, such as image push or delete. It can be registry-wide or scoped to a repository or tag, including regional replicas.
Azure Container Registry
intermediate
5 commands
Aliases: Azure Container Registry webhook, registry webhook, ACR event webhook
Quick peek
Open full term page
Databases
premium
PostgreSQL firewall rule
A public-network access rule that permits a specific IPv4 range to reach an Azure Database for PostgreSQL flexible server.
PostgreSQL flexible server
intermediate
5 commands
Aliases: PostgreSQL firewall rule, postgresql firewall rule, Azure PostgreSQL firewall, public access, IPv4 allowlist, source IP, start IP address
Quick peek
Open full term page
Management and Governance
premium
Application landing zone
An application landing zone is one or more governed Azure subscriptions for a workload environment, placed under management groups so it inherits platform policies and shared services.
Landing zones
fundamentals
4 commands
Aliases: application landing zone
Quick peek
Open full term page
Identity
premium
Application permission
An application permission is an app-only permission, also exposed as an app role, that lets a client application access a resource without a signed-in user after consent is granted.
Identity operations
fundamentals
4 commands
Aliases: application permission
Quick peek
Open full term page
Management and Governance
premium
Application tag
An application tag is a resource tag key-value pair that identifies the application, product, workload, or service associated with an Azure resource.
Tags and naming
fundamentals
4 commands
Aliases: application tag
Quick peek
Open full term page
Identity
premium
Enterprise application
Enterprise application properties in Microsoft Entra ID configure the organization-specific service principal settings for an application, including user assignment, single sign-on, provisioning, and ownership.
Microsoft Entra applications
intermediate
4 commands
Aliases: Entra enterprise application, service principal application, enterprise app
Quick peek
Open full term page
Monitoring and Observability
premium
Application Insights connection string
An Application Insights connection string specifies the Application Insights resource and endpoints that an instrumented application uses to send telemetry.
Application Insights
fundamentals
3 commands
Aliases: APPLICATIONINSIGHTS_CONNECTION_STRING, application insights connection string
Quick peek
Open full term page
Virtual Desktop Infrastructure
premium
Application group
An Azure Virtual Desktop application group controls access to a full desktop or a logical grouping of RemoteApp applications from a host pool.
Virtual desktops
fundamentals
2 commands
Aliases: application group
Quick peek
Open full term page
Monitoring and Observability
premium
Application map
Application Map is an Application Insights view that visualizes application components and dependencies using telemetry, helping teams identify bottlenecks and failure hotspots.
Application Insights
fundamentals
2 commands
Aliases: application map
Quick peek
Open full term page
Databases
field-manual-complete
Azure SQL firewall rule
An Azure SQL firewall rule is an allow-list entry for public network access to Azure SQL Database. It says which client IP address or range may connect to a logical server or a specific database. It does not replace identity, passwords, Microsoft Entra authentication, or private networking; it only decides whether the network connection is.
Azure SQL Database
intermediate
5 commands
Aliases: Azure SQL firewall rule, IP firewall rule, SQL firewall rule, database-level firewall rule, server-level firewall rule
Quick peek
Open full term page
Databases
field-manual-complete
PostgreSQL server firewall
A PostgreSQL server firewall is the public-network gate in front of an Azure Database for PostgreSQL flexible server. If public access is enabled, clients can attempt to connect only when their source IP address falls inside an allowed firewall rule. The rule does not grant database access, create a user, or bypass passwords. It simply lets the traffic reach the server endpoint. If the server uses private access instead, the...
Data platform
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Databases
verified
Redis firewall rule
A Redis firewall rule in Azure Cache for Redis allows specific public IP address ranges to connect to a cache instance. Firewall rules use start and end IP values, apply to Basic, Standard, and Premium tiers, and are not available for Enterprise or Enterprise Flash.
Cache and in-memory data
intermediate
5 commands
Aliases: No aliases yet
Quick peek
Open full term page
Storage
field-manual-complete
Storage firewall
A storage firewall is the Azure Storage network security configuration that restricts data-plane access to selected virtual networks, IP ranges, resource instances, private paths, or trusted service exceptions. It controls network reachability to storage services, while identity and authorization still decide whether an allowed request can access data.
Network security
fundamentals
5 commands
Aliases: storage account firewall, Azure Storage firewall, storage network rules, storage network security
Quick peek
Open full term page
Storage
field-manual-complete
Storage firewall network rule
An allow rule that permits selected network sources to reach an Azure Storage account public endpoint.
Storage networking
intermediate
5 commands
Aliases: storage firewall rule, storage account firewall network rule, Azure Storage network ACL rule, storage account network allow rule, Azure Storage firewall network rule, storage account network ACL rule, storage account firewall subnet rule
Quick peek
Open full term page
Storage
field-manual-complete
Storage static website
Azure Storage static website hosting lets a general-purpose v2 or BlockBlobStorage account serve static HTML, CSS, JavaScript, and image files from the special $web container. Operators enable the feature, set index and error documents, and then publish content through the account's web endpoint.
Storage accounts
intermediate
5 commands
Aliases: Azure Storage static website, static website hosting for storage, $web container website, storage website endpoint
Quick peek
Open full term page
No glossary terms matched that search.
Try a service name, acronym, command group, or category such as RBAC , az group , App Service , Application Insights , Databases , or Azure AI Search .
Clear filters and show matches
Reset search