Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
Phase 8: Glossary
- ACI (Azure Container Instances): A service to run Docker containers on-demand in a managed, serverless Azure environment.
- Action Group: A collection of notification preferences and actions that are triggered by an Azure Monitor alert.
- Activity Log: A platform log in Azure that provides insight into subscription-level events.
- AKS (Azure Kubernetes Service): A managed container orchestration service based on the open-source Kubernetes system.
- App Service: A fully managed platform for building, deploying, and scaling web apps and APIs.
- App Service Plan: Defines a set of compute resources for a web app to run.
- Application Gateway: A web traffic load balancer that enables you to manage traffic to your web applications (Layer 7).
- Application Security Group (ASG): A feature that lets you group virtual machines and define network security policies based on those groups.
- ARM (Azure Resource Manager): The deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account.
- Availability Set: A logical grouping of VMs within a datacenter that allows Azure to understand how your application is built to provide for redundancy and availability.
- Availability Zone: Physically separate locations within an Azure region, each with independent power, cooling, and networking.
- Azure Bastion: A fully managed PaaS service that provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal.
- Azure CLI (Command-Line Interface): A cross-platform command-line tool to connect to Azure and execute administrative commands on Azure resources.
- Azure DNS: A hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.
- Azure Disk Encryption (ADE): A capability that helps you encrypt your Windows and Linux IaaS virtual machine disks.
- Azure Firewall: A managed, cloud-based network security service that protects your Azure Virtual Network resources.
- Azure Files: A service that offers fully managed file shares in the cloud that are accessible via the standard Server Message Block (SMB) and Network File System (NFS) protocols.
- Azure File Sync: A service that allows you to centralize your organization's file shares in Azure Files, while keeping the flexibility, performance, and compatibility of an on-premises file server.
- Azure Monitor: A comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
- Azure Policy: A service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
- Azure PowerShell: A set of cmdlets for managing Azure resources directly from the PowerShell command line.
- AzCopy: A command-line utility that you can use to copy blobs or files to or from a storage account.
- Blob Storage: An object storage solution for the cloud, optimized for storing massive amounts of unstructured data.
- CIDR (Classless Inter-Domain Routing): A method for allocating IP addresses and for IP routing.
- Container: A standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.
- Custom Role: An RBAC role with a user-defined set of permissions.
- Deployment Slot: A feature of Azure App Service that allows you to deploy different versions of your app to different environments (e.g., staging, production).
- Diagnostic Settings: A feature to configure the export of platform logs and metrics for a resource to the destination of your choice.
- Entra ID (Microsoft Entra ID): Microsoft’s cloud-based identity and access management service, formerly known as Azure Active Directory.
- Entra ID Join: A mechanism to join a Windows device directly to Microsoft Entra ID, without needing to join an on-premises Active Directory.
- ExpressRoute: A service that lets you create private connections between Azure datacenters and infrastructure on your premises or in a colocation environment.
- Fault Domain: A group of virtual machines that share a common power source and network switch.
- GRS (Geo-Redundant Storage): A storage redundancy option that copies your data synchronously three times within a single physical location in the primary region and then copies your data asynchronously to a single physical location in a secondary region.
- IaC (Infrastructure as Code): The management of infrastructure (networks, virtual machines, load balancers, and connection topology) in a descriptive model, using the same versioning that a DevOps team uses for source code.
- KQL (Kusto Query Language): A powerful query language for querying large datasets in Azure Data Explorer, Azure Monitor Logs, Azure Sentinel, etc.
- Load Balancer: A service that distributes network traffic across multiple servers to ensure no single server becomes a bottleneck.
- Local Network Gateway: An object in Azure that represents your on-premises VPN device.
- Log Analytics Workspace: A unique environment for Azure Monitor log data.
- LRS (Locally-Redundant Storage): A storage redundancy option that copies your data synchronously three times within a single physical location in the primary region.
- Management Group: A container that helps you manage access, policy, and compliance for multiple subscriptions.
- Managed Disk: A virtual hard disk (VHD) for which Azure manages the storage account.
- Metric: A numerical value collected from monitored resources that describes some aspect of a system at a particular point in time.
- Network Interface (NIC): A component that enables an Azure Virtual Machine to communicate with the internet, Azure, and on-premises resources.
- Network Security Group (NSG): A feature that contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet).
- Network Watcher: A regional service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure.
- PaaS (Platform as a Service): A cloud computing model where a third-party provider delivers hardware and software tools to users over the internet.
- Private DNS Zone: A feature of Azure DNS that provides a reliable and secure DNS service to manage and resolve domain names in a virtual network without needing to add a custom DNS solution.
- Private Endpoint: A network interface that uses a private IP address from your virtual network, effectively bringing an Azure service into your VNet.
- Public IP Address: An IP address used for communication with the Internet, including Azure public-facing services.
- RBAC (Role-Based Access Control): A system that provides fine-grained access management of Azure resources.
- Recovery Services Vault: A storage entity in Azure that houses data, typically copies of data or configuration information for virtual machines (VMs), workloads, servers, or workstations.
- Region: A set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.
- Resource Group: A container that holds related resources for an Azure solution.
- Resource Lock: A feature that prevents other users in your organization from accidentally deleting or modifying critical resources.
- RPO (Recovery Point Objective): The maximum acceptable amount of data loss after an unplanned incident, measured in time.
- RTO (Recovery Time Objective): The target time within which a business process must be restored after a disaster or disruption to avoid unacceptable consequences associated with a break in business continuity.
- Service Endpoint: A feature that provides secure and direct connectivity to Azure services over an optimized route on the Azure backbone network.
- Service Health: A service that provides personalized alerts and guidance when Azure service issues, planned maintenance, or other changes may affect your Azure resources.
- Shared Access Signature (SAS): A URI that grants restricted access rights to Azure Storage resources.
- Shared Image Gallery: A service that helps you build structure and organization around your custom VM images.
- Soft Delete: A data protection feature that allows you to recover accidentally deleted data (e.g., blobs, containers, backups).
- Storage Account: A container that groups a set of Azure Storage services together.
- Subscription: A logical unit of Azure services that is linked to an Azure account.
- Sysprep (System Preparation Tool): A Microsoft tool used to generalize a Windows installation for imaging and deployment.
- Update Domain: A group of virtual machines and underlying physical hardware that can be rebooted at the same time.
- VNet (Virtual Network): The fundamental building block for your private network in Azure.
- VNet Peering: A mechanism that connects two virtual networks in the same or different regions, enabling resources in both virtual networks to communicate with each other.
- VPN Gateway: A specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet.
- WAF (Web Application Firewall): A feature of Application Gateway that provides centralized protection of your web applications from common exploits and vulnerabilities.
- ZRS (Zone-Redundant Storage): A storage redundancy option that copies your data synchronously across three Azure availability zones in the primary region.