AZURE MADE EASY

✧✧✧✧✧✧✧✧✧✧

“A concise dictionary of all important

Microsoft Azure Cloud terms”
✧✧✧✧✧✧✧✧✧✧

Ravindra Pawar
Disclaimer
I have made every attempt to ensure that the information contained in
this ebook is obtained from the reliable sources. I am, in any way, not
responsible for any errors or omissions in it and, thereby, any use of it. All
information in this ebook is provided with no guarantee of completeness
or accuracy.
Ravindra Pawar
Seven times Azure certified professional with strong Azure IaaS skills
and multi-domain experience. Expertise in Azure Infrastructure-as-a-
service Administration, Azure Identity and Access Management,
Azure Security Technologies, Azure Storage Service, Azure
Networking, Linux & Windows Servers, and IT Support. A lifelong
learner and Azure evangelist . Loves to make difficult technical
concepts easy.

https://www.udemy.com/course/azure-fundamentals-az-900-practice-tests-updated/

Version 1.0 | October, 2022

LinkedIn - https://www.linkedin.com/in/MicrosoftAzureArchitect/
Credly - https://www.credly.com/users/Ravindra-Pawar-India/badges
Udemy - https://www.udemy.com/user/Ravindra-Pawar-5/
General Cloud Computing Terms
Cloud Computing
Cloud computing is the on-demand delivery of
computing/IT services or resources—including
servers, storage, networking, databases,
software, analytics, etc. —over the internet with
pay-as-you-go pricing.
✧✧
Pay-as-you-go Pricing Model
The pay-as-you-go (PAYG) pricing model means
that users pay based on how much they
consume.
✧✧
Cloud Service Providers (CSPs)
Cloud Service Providers (CSPs) are the providers
of cloud platforms, services, and infrastructure.
The top 3 CSPs are Microsoft Azure, Amazon
Web Services, and Google Cloud Platform.
✧✧
Cloud Tenant
A cloud tenant is an individual, a group, or an
organization that consumes cloud services from
the cloud service providers.
✧✧
Cloud Deployment Model
A cloud deployment model is defined according
to where the infrastructure for the deployment
resides (in the cloud, on-premises, or both).
Deciding which deployment model to employ is
one of the most important cloud decisions you
will ever make. Public Cloud, Private Cloud, and
Hybrid Cloud are the cloud deployment models.
✧✧
Cloud Service Model
A cloud service model defines which part of the
cloud stack is controlled by the cloud service
provider and which part by the tenant.
Infrastructure as a Service (IaaS), Platform as a
Service (PaaS), and Software as a Service (SaaS)
are the cloud service models.
 ✧✧
Shared Responsibility Model
A shared responsibility model is a cloud security
framework that dictates which part of the cloud
stack’s security obligations lie with the cloud
service provider and which part’s lie with the
tenant.
✧✧
CapEx
CapEx or Capital Expenditure is the money
spent upfront on building and maintaining
physical datacenters that included building,
power, cooling, networking, racks of servers,
and other physical components.
✧✧
OpEx
OpEx or Operational Expenditure is the money
spent on an ongoing subscription fee for
various cloud services provided by cloud service
providers.
 ✧✧
Public Cloud
Public cloud is a cloud deployment model where
computing resources are owned and operated
by a cloud service provider and shared across
multiple tenants via the Internet.
✧✧
Private Cloud
Private Cloud is a cloud deployment model
where the infrastructure is dedicated to a single
organization. A private cloud can be hosted
either at an organization’s own datacenter or
at a third-party facility.
✧✧
Hybrid Cloud
Hybrid Cloud is a cloud deployment model
where some part of the infrastructure resides in
an organization’s on-premises and some part in
the cloud.
✧✧
Infrastructure as a Service (IaaS)
IaaS is a cloud service model wherein the cloud
service provider takes care of physical
networking, physical servers, physical storage,
and virtualization. The tenant takes care of the
rest— OS (installation, patching, & maintenance
of the OS), middleware, runtime, applications,
and data.
✧✧
Platform as a Service (PaaS)
PaaS is a cloud service model wherein the cloud
service provider takes care of physical
networking, physical servers, physical storage,
virtualization, OS (installation, patching, &
maintenance of the OS), middleware, and
runtime. The tenant takes care of the
applications and related data.
✧✧
Software as a Service (SaaS)
SaaS is a cloud service model wherein the cloud
service provider takes care of physical
networking, physical servers, physical storage,
virtualization, OS (installation, patching, &
maintenance of the OS), middleware, runtime,
and applications. The tenant is concerned with
only their own data.
✧✧
Geo-distribution
Geo-distribution is a feature of cloud computing
which allows you to deploy apps and data to
regional datacenters around the globe, thereby
ensuring that your customers always have the
best performance in their region.
✧✧
Azure Availability Zones
Azure availability zones are physically and
logically separated datacenters with their own
independent power source, network, and
cooling. Azure availability zones are connected
by a high-performance network with a round-
trip latency of less than 2ms.
✧✧
Azure Region
An Azure region is a set of data centers
deployed within a latency-defined perimeter and
connected through a dedicated regional low-
latency network. Azure regions are at least 300
miles apart to protect against regional level
failures. Azure has 60+ regions in 140+
countries.
✧✧
Azure Geography
An Azure geography is a distinct area on the
global map that contains at least one or more
regions. Azure geographies preserve data
residency and compliance boundaries. Azure
Geographies let you keep your business-critical
data and applications close using fault-tolerant,
high-capacity networking infrastructure. Africa,
Australia, India, the UK, and the US are some
examples of Azure Geographies.
✧✧
Availability Set
An availability set in Azure provides high
availability to your virtual machines belonging
to same group by logically distributing them
into different fault and update domains.
Availability sets protect you from rack-level
hardware failures or host OS update events. An
availability set contains up to 3 fault domains
and 20 update domains.
✧✧
Update Domain
An update domain is a group of host resources
that can be updated and rebooted if required at
the same time. An update domain contains
different servers from different server racks.
✧✧
Fault Domain
Fault domains are separate server racks that
share a single point of failure. One fault domain
is typically one single server rack.
 ✧✧
Availability
Availability is a measure of system uptime for
services.
✧✧
High Availability
It is the ability to keep services running for
extended periods of time with very little
downtime.
✧✧
Scalability
Scalability is the ability to scale. Scaling is the
process of allocating (adding) and deallocating
(removing) resources as per demands.
✧✧
Autoscaling
It is the ability of scaling automatically as per
demands.
✧✧
Vertical Scaling
Scaling up (adding more CPUs or RAM) and
scaling down (lowering CPUs or RAM) are
vertical scaling.
✧✧
Scaling Up
Adding more CPUs or RAM to your system is
scaling up.
✧✧
Scaling Down
Lowering CPUs or RAM from your system is
scaling down.
✧✧
Horizontal Scaling
Scaling out (adding more virtual machines or
containers) and scaling in (removing unneeded
virtual machines or containers) are horizontal
scaling.
✧✧
Scaling Out
Scaling out is adding more virtual machines or
containers to meet increasing demands.
✧✧
Scaling In
Scaling in is remove unneeded virtual machines
or containers to meet decreasing demands.
✧✧
Elasticity
Elasticity is the ability to dynamically allocate
and deallocate resources without manual
intervention.
✧✧
Agility
It is the ability to allocate and deallocate
resources quickly.
✧✧
Disaster Recovery
Disaster recovery is the ability to recover from
an event (disaster) that has taken down the
service.
✧✧
Fault Tolerance
It is a system's ability to continue operating
uninterrupted despite the failure of one or more
of its components.
✧✧
Redundancy
A system of backup or replication that can be
quickly called into action when the primary
thing fails.

Latency
The amount of time it takes for data to travel
from one place to another.
General Azure Terms
Azure Portal
The Azure portal is a web-based, unified console
that provides an alternative to command-line
tools. With the Azure portal, you can manage
your Azure subscription using a graphical user
interface. You can build, manage, and monitor
everything from simple web apps to complex
cloud deployments.
✧✧
Azure Cloud Shell
Azure Cloud Shell is a browser-based shell
experience to manage and develop Azure
resources.
✧✧
Azure CLI
The Azure Command-Line Interface (CLI) is a
cross-platform command-line tool to connect to
Azure and execute administrative commands on
Azure resources.
✧✧
Azure PowerShell
Azure PowerShell is a set of cmdlets for
managing Azure resources directly from
PowerShell.
✧✧
Azure Resource Manager
Azure Resource Manager is the service that
manages and deploys Azure resources. It has a
management layer that allows us to create,
update, and delete Azure account resources.
You interact with Azure Resource Manager
through Azure Portal, Azure PowerShell, Azure
CLI, or REST clients.
✧✧
ARM Templates
ARM Templates are JSON files that let you
define and deploy Azure resources through
code.
✧✧
Azure Resources
An Azure resource is an instance of service that
you create. For example, Azure Virtual Machine,
Azure Storage Account, Azure Load Balancer,
etc.
✧✧
Azure Resource Group
An Azure Resource Group is a logical container
that holds multiple resources together so you
can manage them as a single entity—based on
lifecycle and security.
✧✧
Azure Subscription
Azure Subscription is a logical unit of Azure
services that is linked to an Azure account. You
cannot create and build solutions in Azure
without a subscription.
✧✧
Management Groups
Azure Management groups are logical
containers that allow you to manage access,
policy, and compliance across multiple Azure
Subscriptions under one umbrella.
✧✧
Azure Compute Terms
Virtual Machine
A virtual machine is a computer file, typically
called an image, that behaves like an actual
computer.
✧✧
Azure Virtual Machines
Azure Virtual Machines are image service
instances that provide on-demand and scalable
computing resources with usage-based pricing.
✧✧
Azure Virtual Machine Scale Sets
Azure virtual machine scale sets let you create
and manage a group of load-balanced VMs. The
number of VM instances can automatically
increase or decrease in response to demand or
a defined schedule.
✧✧
Azure App Service
Azure app service is a fully PaaS-based offering
wherein you can host enterprise-grade web
applications, REST APIs, and mobile back ends.
✧✧
Azure Container Instances
Azure Container Instances is a solution for any
scenario that can operate in isolated
containers, without orchestration.
✧✧
Azure Storage
A storage account is a container that groups a
set of Azure Storage services together – like,
blob storage, file shares, table storage, and que
storage.
✧✧
Blob Storage
Azure blob storage is an offering to store an
enormous amount of unstructured data that
may come in form of images, text, files, videos,
or a mix of all these types.
✧✧
Azure File Share
Azure File Share (Azure Files) offers fully
managed file shares in the cloud. A file share is
a network storage location that you can surface
as local storage to your client operating system.
Azure Files supports two industry-standard file
sharing protocols: Server Message Block (SMB)
and Network File System (NFS).
✧✧
Table Storage
Azure Table storage is a service that stores
non-relational structured data (also known as
structured NoSQL data) in the cloud, providing
a key/attribute store with a schemaless design.
Because Table storage is schemaless, it's easy
to adapt your data as the needs of your
application evolve.
✧✧
Que Storage
Azure Queue Storage is a service for storing
large numbers of messages. You access
messages from anywhere in the world via
authenticated calls using HTTP or HTTPS. A
queue message can be up to 64 KB in size. A
queue may contain millions of messages, up to
the total capacity limit of a storage account.
✧✧
Az Copy
AzCopy is a command-line utility that you can
use to copy blobs or files to or from a storage
account.
✧✧
Azure File Sync
Azure File Sync centralizes your company's file
shares in Azure File Shares (Azure Files). Azure
File Sync transforms Windows Servers running
on-premises or in the cloud into a quick cache
of your Azure file share.
 ✧✧
Azure Storage Hot Tier
An online storage access tier optimized for
storing data that is accessed or modified
frequently. The hot tier has the highest storage
costs, but the lowest access costs.
✧✧
Cool Tier
An online tier optimized for storing data that is
infrequently accessed or modified.
✧✧
Archive Tier
The Archive tier is a storage access tier for
storing data that is rarely accessed. The
Archive access tier has the lowest storage cost,
but higher data retrieval costs and latency
compared to the Hot and Cool tiers.
✧✧
LRS
Locally redundant storage (LRS) replicates your
storage account three times within a single data
center in the primary region. LRS is the lowest-
cost redundancy option and offers the least
durability compared to other options.
✧✧
ZRS
Zone-redundant storage (ZRS) replicates your
storage account synchronously across three
Azure availability zones in the primary region.
Each availability zone is a separate physical
location with independent power, cooling, and
networking.
✧✧
GRS
Geo-redundant storage (GRS) copies your data
synchronously three times within a single
physical location in the primary region using
LRS. It then copies your data asynchronously to
a single physical location in the secondary
region.
✧✧
GZRS
Geo-zone-redundant storage (GZRS) copies your
data synchronously across three Azure
availability zones in the primary region using
ZRS. It then copies your data asynchronously to
a single physical location in the secondary
region.
✧✧
RAGZRS
It is a geo-zone-redundant storage (GZRS)
storage account with a read access to the
secondary region.
✧✧
Azure Active Directory Terms
Identity
The fact of being something or someone. A user
with username and password. Also, it can be an
application or server with a secret keys or
certificates.
✧✧
Role
It is simply a collection of permissions that can
be assigned to an identity.
✧✧
Security Principal
It is a user, a group, a service principal, or a
managed identity.
✧✧
Service Principal
It is an app or a server that can be given an
identity.
✧✧
Authentication
Authentication is the process of verifying who a
user is.
✧✧
Authorization
Authorization is the process of verifying what
resources a user has access to and what they
can do with them.
✧✧
Azure Active Directory
Azure Active Directory (Azure AD) is a cloud-
based identity and access management service.
✧✧
Azure AD Tenant
An Azure AD tenant is a reserved Azure AD
service instance that an organization receives
and owns once it signs up for a Microsoft cloud
service such as Azure, Microsoft Intune, or
Microsoft 365. Each tenant represents an
organization, and is distinct and separate from
other Azure AD tenants.
✧✧
Azure AD Security Groups
Azure AD Security Groups are used for
managing objects (users) in Azure AD. You can
group several Azure users in an Azure AD
Security Group and apply licenses and group
permissions. This saves you from a lot
administrative overhead.
✧✧
MS365 Groups
Microsoft 365 Security groups are used to
ensure that a group of users have consistent
permissions to a set of related resources. They
are used to establish a single set of permissions
across Microsoft 365 apps including Outlook,
SharePoint, OneNote, Skype for Business,
Planner, Power BI, and Dynamics CRM.
✧✧
Guest User
Guest users sign in to your apps and services
with their own work, school, or social identities.
They use their own identities and credentials,
whether or not they have an Azure AD account.
You don't need to manage external accounts or
passwords. You don't need to sync accounts or
manage account lifecycles.
✧✧
Azure B2B
Azure Active Directory (Azure AD) B2B
collaboration is a feature within External
Identities that lets you invite guest users to
collaborate with your organization.
✧✧
Azure B2C
This service allows businesses to build customer
facing applications, and then allow anyone to
sign up into those applications with their
personal email or social media accounts.
 ✧✧
Seamless Single Sign-on
Azure Active Directory Seamless Single Sign-On
(Azure AD Seamless SSO) automatically signs
users in when they are on their corporate
devices connected to your corporate network.
When enabled, users don't need to type in their
passwords to sign in to Azure AD, and usually,
even type in their usernames.
✧✧
Multi-factor Authentication
Multi-factor authentication is a process in which
users are prompted during the sign-in process
for an additional form of identification, such as
a code on their cellphone or a fingerprint scan.
✧✧
Conditional Access
Azure Active Directory (AD) Conditional Access
provides added security by allowing access to
your applications across cloud and on-premises,
for example, only from trusted and compliant
devices. It is a policy-based approach. You can
configure a Conditional Access policy with the
required conditions to apply the access controls.
✧✧
Azure AD Role
Azure AD roles are used to manage Azure AD
resources in a directory such as create or edit
users, assign administrative roles to others,
reset user passwords, manage user licenses,
and manage domains.
✧✧
Azure RBAC
Azure role-based access control (Azure RBAC) is
a system that provides fine-grained access
management of Azure resources. Using Azure
RBAC, you can segregate duties within your
team and grant only the amount of access to
users that they need to perform their jobs
(principle of least privilege). The role assigned
through this is called Azure RBAC Role.
✧✧
Principle of least privilege
It is a concept in computer security that limits
users' access rights to only what are strictly
required to do their jobs.
✧✧
Azure Networking Terms
Virtual Network
Azure Virtual Network (VNet) is the
fundamental building block for your private
network in Azure. VNet enables many types of
Azure resources, such as Azure Virtual
Machines (VM), to securely communicate with
each other, the internet, and on-premises
networks.
✧✧
Subnets
Subnets enable you to segment the virtual
network into one or more sub-networks and
allocate a portion of the virtual network's
address space to each subnet. You can then
deploy Azure resources in a specific subnet.
✧✧
Network Security Groups
Azure Network Security Groups are used to
filter network traffic between Azure resources
in an Azure virtual network. A network security
group contains security rules that allow or deny
inbound network traffic to, or outbound
network traffic from, several types of Azure
resources.
✧✧
Application Security Groups
Application Security Groups service helps to
manage the security of Virtual Machines by
grouping them according the applications that
runs on them.
✧✧
Service Endpoint
An Azure Service Endpoint allows Azure VNET
to be connected to an Azure service to enable
more secure connections. For example, you can
connect your VM subnet to Azure storage
account. This way only your VMs in that
particular subnet can communicate with your
storage account over Microsoft Private
Backbone network.
✧✧
Private Endpoint
A private endpoint is a network interface that
uses a private IP address from your virtual
network. This network interface connects you
privately and securely to a service that's
powered by Azure Private Link. By enabling a
private endpoint, you're bringing the service
into your virtual network.
✧✧
VNET Peering
Virtual network peering enables you to
seamlessly connect two or more virtual
networks in Azure. The virtual networks appear
as one for connectivity purposes. The traffic
between virtual machines in peered virtual
networks uses the Microsoft backbone
infrastructure. Peering VNETS cannot have
overlapping address spaces.
✧✧
Azure VPN Gateway
Azure VPN Gateway enables you to establish
secure, cross-premises connectivity between
your virtual network within Azure and on-
premises IT infrastructure.
✧✧
Azure Site to Site VPN
A Site-to-Site VPN gateway connection is used to
connect your on-premises network to an Azure
virtual network over a VPN tunnel.
✧✧
Azure Point to Site VPN
A Point-to-Site (P2S) VPN connection helps to
create a secure connection tunnel to your Azure
virtual network (VNet) from individual client
computer devices.
✧✧
Azure ExpressRoute
Azure ExpressRoute lets you extend your on-
premises networks into the Azure over a private
connection with the help of a dedicated
connectivity provider.
✧✧
Azure DNS
Azure DNS is a hosting service for DNS domains
that provides name resolution by using
Microsoft Azure infrastructure.
✧✧
Azure Load Balancer
An Azure load balancer is a Layer-4 (TCP, UDP)
load balancer that provides high availability by
distributing incoming traffic among healthy
VMs. A load balancer health probe monitors a
given port on each VM and only distributes
traffic to an operational VM.
✧✧
Azure Application Gateway
Azure Application Gateway is a web traffic load
balancer that enables you to manage traffic to
your web applications.
 ✧✧
Azure Traffic Manager
Azure Traffic Manager is a DNS-based traffic
load balancer. This service allows you to
distribute traffic to your public facing
applications across the global Azure regions.
✧✧
Azure Front Door
It is an application delivery network (ADN) as a
service that offers Layer 7 load-balancing
capabilities for applications.
✧✧
Azure Policy, Monitoring, Backup Terms
Azure Policy
The Azure Policy is a free Azure service that
permits you to make policies, and assign them
to your Azure environment, and receive alerts
or take action in cases of non-compliance with
these policies.
✧✧
Azure Blueprints
Azure Blueprints is a service by Microsoft Azure
to build and deploy the repeatable collection of
Azure resources by ensuring the same
standards, security, and requirements. They
have four artifacts (components) – resource
groups, role assignments, policy assignments,
and ARM templates.
✧✧
Resource Locks
Azure Resource Locks help you prevent
accidental deletion or modification of your
Azure resources by users. There are two locks –
delete lock and read-only lock.
 ✧✧
Service Trust Portal
The Service Trust Portal is Microsoft's public
site for publishing audit reports and other
compliance-related information associated with
Microsoft's cloud services.
✧✧
Azure Advisor
Azure Advisor analyses your configurations and
usage telemetry and offers personalized,
actionable recommendations to help you
optimize your Azure resources for reliability,
security, operational excellence, performance
and cost.
✧✧
Azure Service Health
Azure Service Health helps you stay informed
and take action when Azure service issues like
outages and planned maintenance affect your
Azure resources.
 ✧✧
Azure Monitor
Azure Monitor helps you understand how your
applications are performing and proactively
identifies issues affecting them and the
resources they depend on.
✧✧
Log Analytics Workspace
Log Analytics Workspace is a tool in the Azure
portal that can be connected to various Azure
services to receive various kinds of logs. You
can edit and run log queries from data collected
by Azure Log Analytics Workspace and
interactively analyze their results.
✧✧
Application Insights
Azure Application Insights service helps you
understand how your app is performing and
how it is being used.
✧✧
Azure Site Recovery
Azure Site Recovery replicates your Azure
workloads from a primary site to a secondary
location. In the event of a disaster, you can
quickly failover to your secondary location.
✧✧
Azure Security Terms
Zero Trust
Zero Trust is a cybersecurity framework based
on the principle of maintaining strict access
controls and not trusting anyone by default,
even those already inside the organization.
✧✧
Defense-In-Depth
Defense-in-depth is a cybersecurity approach
that uses multiple layers of security for holistic
protection.
✧✧
Azure Firewall
Azure Firewall is a cloud-based, fully-managed
firewall service that protects your Azure virtual
network resources. It comes with built-in high
availability and unrestricted cloud scalability.
✧✧
Microsoft Defender For Cloud
Microsoft Defender for Cloud is a centralized
cloud security management solution that
provides security controls and tools to enable
proactive protection to your cloud resources
against emerging threats.
✧✧
Azure Costing Terms
Azure Pricing Calculator
Azure Pricing Calculator is a free cost
management tool that you can use to estimate
your cloud costs for new Azure deployments.
✧✧
Azure Total Cost of Ownership (TCO)
Calculator
The Azure Total Cost of Ownership(TCO)
Calculator is used to estimate the cost savings
you can achieve by migrating on-premises
workloads to Azure.
✧✧
Resource Tags
Azure tags are name-value pairs that are
assigned related resources to categorize them
in Azure Portal. Resource tagging helps in
identifying resources by purpose, owner,
environment, department, etc. It also helps in
optimizing your cloud costs.
✧✧