Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

Phase 8: Glossary

  • ACI (Azure Container Instances): A service to run Docker containers on-demand in a managed, serverless Azure environment.
  • Action Group: A collection of notification preferences and actions that are triggered by an Azure Monitor alert.
  • Activity Log: A platform log in Azure that provides insight into subscription-level events.
  • AKS (Azure Kubernetes Service): A managed container orchestration service based on the open-source Kubernetes system.
  • App Service: A fully managed platform for building, deploying, and scaling web apps and APIs.
  • App Service Plan: Defines a set of compute resources for a web app to run.
  • Application Gateway: A web traffic load balancer that enables you to manage traffic to your web applications (Layer 7).
  • Application Insights: An Application Performance Management (APM) service for developers to monitor live web applications.
  • ARM (Azure Resource Manager): The deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account.
  • Availability Set: A logical grouping of VMs within a datacenter that allows Azure to understand how your application is built to provide for redundancy and availability.
  • Availability Zone: Physically separate locations within an Azure region, each with independent power, cooling, and networking.
  • Azure Bastion: A fully managed PaaS service that provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal.
  • Azure CDN (Content Delivery Network): A global network of servers that deliver content closer to users to minimize latency.
  • Azure CLI (Command-Line Interface): A cross-platform command-line tool to connect to Azure and execute administrative commands on Azure resources.
  • Azure Cosmos DB: A globally distributed, multi-model database service for any scale.
  • Azure Disk Encryption (ADE): A capability that helps you encrypt your Windows and Linux IaaS virtual machine disks.
  • Azure DNS: A hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure.
  • Azure Event Grid: A fully managed event routing service that enables you to easily manage events across many different Azure services and applications.
  • Azure Event Hubs: A big data streaming platform and event ingestion service.
  • Azure Firewall: A managed, cloud-based network security service that protects your Azure Virtual Network resources.
  • Azure Functions: A serverless compute service that lets you run event-triggered code without having to explicitly provision or manage infrastructure.
  • Azure Key Vault: A cloud service for securely storing and accessing secrets, keys, and certificates.
  • Azure Logic Apps: A cloud-based platform for creating and running automated workflows that integrate your apps, data, services, and systems.
  • Azure Monitor: A comprehensive solution for collecting, analyzing, and acting on telemetry from your cloud and on-premises environments.
  • Azure Policy: A service in Azure that you use to create, assign, and manage policies. These policies enforce different rules and effects over your resources, so those resources stay compliant with your corporate standards and service level agreements.
  • Azure PowerShell: A set of cmdlets for managing Azure resources directly from the PowerShell command line.
  • Azure Service Bus: A fully managed enterprise message broker with message queues and publish-subscribe topics.
  • AzCopy: A command-line utility that you can use to copy blobs or files to or from a storage account.
  • Blob Storage: An object storage solution for the cloud, optimized for storing massive amounts of unstructured data.
  • CIDR (Classless Inter-Domain Routing): A method for allocating IP addresses and for IP routing.
  • Container: A standard unit of software that packages up code and all its dependencies so the application runs quickly and reliably from one computing environment to another.
  • Custom Role: An RBAC role with a user-defined set of permissions.
  • Deployment Slot: A feature of Azure App Service that allows you to deploy different versions of your app to different environments (e.g., staging, production).
  • Diagnostic Settings: A feature to configure the export of platform logs and metrics for a resource to the destination of your choice.
  • Entra ID (Microsoft Entra ID): Microsoft’s cloud-based identity and access management service, formerly known as Azure Active Directory.
  • Entra ID Join: A mechanism to join a Windows device directly to Microsoft Entra ID, without needing to join an on-premises Active Directory.
  • ExpressRoute: A service that lets you create private connections between Azure datacenters and infrastructure on your premises or in a colocation environment.
  • Fault Domain: A group of virtual machines that share a common power source and network switch.
  • GRS (Geo-Redundant Storage): A storage redundancy option that copies your data synchronously three times within a single physical location in the primary region and then copies your data asynchronously to a single physical location in a secondary region.
  • IaaS (Infrastructure as a Service): A cloud computing model where a provider hosts infrastructure components traditionally present in an on-premises data center.
  • Idempotency: An operation that can be applied multiple times without changing the result beyond the initial application.
  • KQL (Kusto Query Language): A powerful query language for querying large datasets in Azure Data Explorer, Azure Monitor Logs, Azure Sentinel, etc.
  • Load Balancer: A service that distributes network traffic across multiple servers to ensure no single server becomes a bottleneck.
  • Local Network Gateway: An object in Azure that represents your on-premises VPN device.
  • Log Analytics Workspace: A unique environment for Azure Monitor log data.
  • LRS (Locally-Redundant Storage): A storage redundancy option that copies your data synchronously three times within a single physical location in the primary region.
  • Management Group: A container that helps you manage access, policy, and compliance for multiple subscriptions.
  • Managed Identity: An identity in Microsoft Entra ID that is automatically managed by Azure, used by services to authenticate to other Azure resources without credentials in code.
  • Metric: A numerical value collected from monitored resources that describes some aspect of a system at a particular point in time.
  • Network Interface (NIC): A component that enables an Azure Virtual Machine to communicate with internet, Azure, and on-premises resources.
  • Network Security Group (NSG): A feature that contains a list of security rules that allow or deny network traffic to resources connected to Azure Virtual Networks (VNet).
  • Network Watcher: A regional service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure.
  • PaaS (Platform as a Service): A cloud computing model where a third-party provider delivers hardware and software tools to users over the internet.
  • Private DNS Zone: A feature of Azure DNS that provides a reliable and secure DNS service to manage and resolve domain names in a virtual network without needing to add a custom DNS solution.
  • Private Endpoint: A network interface that uses a private IP address from your virtual network, effectively bringing an Azure service into your VNet.
  • Public IP Address: An IP address used for communication with the Internet, including Azure public-facing services.
  • RBAC (Role-Based Access Control): A system that provides fine-grained access management of Azure resources.
  • Recovery Services Vault: A storage entity in Azure that houses data. The data is typically copies of data, or configuration information for virtual machines (VMs), workloads, servers, or workstations.
  • Region: A set of datacenters deployed within a latency-defined perimeter and connected through a dedicated regional low-latency network.
  • Resource Group: A container that holds related resources for an Azure solution.
  • Resource Lock: A feature that prevents other users in your organization from accidentally deleting or modifying critical resources.
  • RPO (Recovery Point Objective): The maximum acceptable amount of data loss after an unplanned incident, measured in time.
  • RTO (Recovery Time Objective): The target time within which a business process must be restored after a disaster or disruption to avoid unacceptable consequences associated with a break in business continuity.
  • SaaS (Software as a Service): A software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted.
  • Service Endpoint: A feature that provides secure and direct connectivity to Azure services over an optimized route on the Azure backbone network.
  • Service Health: A service that provides personalized alerts and guidance when Azure service issues, planned maintenance, or other changes may affect your Azure resources.
  • Shared Access Signature (SAS): A URI that grants restricted access rights to Azure Storage resources.
  • Shared Image Gallery: A service that helps you build structure and organization around your custom VM images.
  • Soft Delete: A data protection feature that allows you to recover accidentally deleted data (e.g., blobs, containers, backups).
  • Storage Account: A container that groups a set of Azure Storage services together.
  • Subscription: A logical unit of Azure services that is linked to an Azure account.
  • Sysprep (System Preparation Tool): A Microsoft tool used to generalize a Windows installation for imaging and deployment.
  • Update Domain: A group of virtual machines and underlying physical hardware that can be rebooted at the same time.
  • VNet (Virtual Network): The fundamental building block for your private network in Azure.
  • VNet Peering: A mechanism that connects two virtual networks in the same or different regions, enabling resources in both virtual networks to communicate with each other.
  • VPN Gateway: A specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public Internet.
  • WAF (Web Application Firewall): A feature of Application Gateway that provides centralized protection of your web applications from common exploits and vulnerabilities.
  • ZRS (Zone-Redundant Storage): A storage redundancy option that copies your data synchronously across three Azure availability zones in the primary region.