Glossary
The Microsoft 365 vocabulary, in plain English. 233 terms.
A
- Adaptive ScopeA Microsoft Purview scoping mechanism that uses queries over Entra ID attributes to dynamically include users, mailboxes, or sites.
- Admin CenterThe Microsoft 365 admin center at admin.microsoft.com — the primary tenant-level admin portal.
- AI BuilderThe low-code AI service in the Power Platform — document processing, prediction, and language models.
- App Consent PolicyAn Entra ID policy controlling which OAuth permissions users can consent to grant to applications.
- Application PermissionsOAuth permissions where an app acts on its own without a user context, with access to the entire tenant scope.
- ARCAuthenticated Received Chain — an email authentication standard that preserves DMARC trust through legitimate forwarders.
- Attack Surface ReductionA Microsoft Defender for Endpoint feature with granular rules that block common attack techniques on Windows endpoints.
- Audit LogMicrosoft Purview's unified audit log of administrative and user actions across Microsoft 365.
- Authentication MethodA way to prove identity in Entra ID — password, Authenticator app, FIDO2 key, passkey, Windows Hello, certificate.
- AutopilotMicrosoft's zero-touch provisioning service for new Windows devices.
- Azure ADThe former name for Microsoft Entra ID, Microsoft's cloud identity service.
- Azure Information ProtectionThe former name for Microsoft Purview's sensitivity labelling and information protection capabilities.
- Azure Key VaultMicrosoft's cloud key, secret, and certificate management service — used by Microsoft 365 features like Customer Key.
- Azure Virtual DesktopMicrosoft's flexible cloud VDI service for hosting Windows desktops and remote apps in Azure.
B
- B2B CollaborationMicrosoft Entra ID's mechanism for inviting external partners into your tenant as guests.
- B2CMicrosoft's customer identity model for external apps — formerly Azure AD B2C, now Microsoft Entra External ID.
- BIMIBrand Indicators for Message Identification — a DNS record that displays your brand logo in supported email clients.
- Bring Your Own KeyAn encryption model where the customer provides the root key — also called BYOK or HYOK in stricter variants.
- Business ContinuityMaintaining critical business functions during and after disruption — including Microsoft 365 service incidents.
C
- Call QueueA Teams Phone feature that distributes inbound calls across a group of agents with hold music and routing rules.
- Canvas AppA Power Apps application designed visually with drag-and-drop controls and Power Fx formulas.
- Cloud PCA Windows 365 cloud-hosted Windows desktop streamed to any device.
- Compliance CenterThe legacy name for the Microsoft Purview compliance portal.
- Compliant NetworkA Conditional Access location condition requiring sign-ins to come through a known corporate network egress.
- Conditional AccessMicrosoft Entra's policy engine for allowing, blocking, or stepping up authentication based on signals.
- Conditional Access App ControlA Microsoft Entra and Defender for Cloud Apps feature that proxies session traffic for real-time session controls.
- Conditional LaunchIntune app protection policy settings that block app sign-in based on device or app state.
- Consent PhishingAn attack pattern where users are tricked into granting OAuth permissions to a malicious application.
- Content SearchMicrosoft Purview's keyword search across Microsoft 365 content for compliance and investigation.
- Content TypeA SharePoint definition bundling columns, behaviour, and metadata for a category of content.
- Continuous Access EvaluationA Microsoft Entra ID feature that revokes access tokens in near real time when risk signals change.
- CopilotMicrosoft 365 Copilot — the generative-AI assistant integrated across the Microsoft 365 apps.
- Copilot ChatThe standalone Microsoft 365 Copilot conversational interface — free web-grounded tier and paid tenant-grounded tier.
- Copilot PagesA Microsoft 365 Copilot capability that turns Copilot responses into editable, shareable Loop pages.
- Copilot StudioMicrosoft's low-code platform for building custom Copilots and AI agents.
- Cross-Tenant Access SettingsMicrosoft Entra ID configuration for trust between Microsoft 365 tenants — B2B, shared channels, multi-tenant collaboration.
- Customer KeyA Microsoft 365 service-encryption option where the customer provides and controls the encryption keys.
- Customer LockboxA Microsoft 365 feature requiring customer approval before Microsoft engineers can access tenant content.
D
- DataflowA reusable cloud-hosted Power Query data preparation flow in Power BI, Microsoft Fabric, or Power Platform.
- DataverseMicrosoft's relational database service behind the Power Platform and Dynamics 365.
- DAXData Analysis Expressions — the formula and query language for Power BI, Microsoft Fabric, and Analysis Services.
- DefenderMicrosoft's family of threat-protection products, unified under Microsoft Defender XDR.
- Defender for CloudMicrosoft's cloud workload protection platform for Azure, AWS, and GCP resources.
- Defender for IoTMicrosoft's security product for industrial control systems, operational technology, and IoT devices.
- Defender XDRMicrosoft's unified extended detection and response portal that correlates signals across Defender products.
- Delegated PermissionsOAuth permissions where an app acts on behalf of a signed-in user, inheriting that user's access rights.
- Direct RoutingA Teams Phone connectivity option that uses your own Session Border Controller and SIP carrier.
- Distribution ListAn Exchange-side address list that fans out mail to its members' personal inboxes.
- DKIMDomainKeys Identified Mail — a DNS-based signing mechanism that proves email came from your domain.
- DLPData loss prevention — Microsoft Purview policies that detect and act on sensitive data movement.
- DMARCDomain-based Message Authentication, Reporting and Conformance — the policy layer above SPF and DKIM.
E
- eDiscoveryMicrosoft Purview's toolset for finding, preserving, reviewing, and exporting content for legal cases and investigations.
- Entitlement ManagementA Microsoft Entra ID Governance feature for packaging and assigning access at scale via access packages.
- Entra IDMicrosoft's cloud identity and access service — the directory behind every Microsoft 365 sign-in.
- Entra ID P1The Premium P1 tier of Microsoft Entra ID — Conditional Access, password writeback, dynamic groups, SaaS provisioning.
- Entra ID P2The Premium P2 tier of Microsoft Entra ID — Identity Protection, Privileged Identity Management, access reviews.
- Environment (Power Platform)A Power Platform container for apps, flows, agents, and Dataverse — the unit of isolation between projects and lifecycle stages.
- EOPExchange Online Protection — the baseline anti-spam, anti-malware, and anti-phishing service included with Microsoft 365.
- EU Data BoundaryMicrosoft's commitment that EU customer data is processed within the European Union.
- ExcelMicrosoft's spreadsheet application — the deepest tool in the Office suite.
- Exchange Admin CenterThe web-based admin portal for Exchange Online configuration — mailboxes, mail flow, transport rules, and recipients.
- Exchange ArchiveA secondary Exchange Online mailbox that extends storage beyond the primary mailbox limit for an individual user.
- Exchange OnlineMicrosoft's cloud-hosted email and calendaring service, included in Microsoft 365.
F
- Fabric CapacityThe Microsoft Fabric resource unit (F-SKU) that provides shared compute for Power BI and Fabric workloads.
- FederationAn authentication model where a trusted external identity provider authenticates users instead of the local directory.
- FedRAMPThe US Federal Risk and Authorization Management Program — cloud security framework for US government cloud workloads.
- FIDO2A phishing-resistant authentication standard supported by Microsoft Entra ID via hardware keys and passkeys.
- Files On-DemandA OneDrive feature that shows synced files in the file system without downloading them until opened.
- Focused InboxAn Outlook feature that automatically separates important mail from low-priority mail using mailbox-side machine learning.
- Frontline WorkerMicrosoft's term for deskless, shift-based workers — retail, hospitality, healthcare, manufacturing — with specific Microsoft 365 plans.
G
- GDAPGranular Delegated Admin Privileges — the modern partner-to-customer access model for CSPs and MSPs.
- GDPRThe EU General Data Protection Regulation — personal data privacy rules with major implications for Microsoft 365 deployments.
- Graph ConnectorA Microsoft Graph indexing connector that brings third-party content into Microsoft Search and Copilot grounding.
- Graph ExplorerMicrosoft's web-based tool for interactively testing Microsoft Graph API requests.
- Group WritebackAn Entra Connect feature that writes cloud Microsoft 365 Groups back to on-premises Active Directory.
H
I
- Identity ProtectionMicrosoft Entra ID's risk detection engine for compromised credentials and risky sign-ins.
- Impossible TravelA Microsoft Entra ID risk signal triggered by sign-ins from geographically distant locations in physically impossible timeframes.
- Information BarriersMicrosoft Purview policies that prevent specific groups from communicating or collaborating across Microsoft 365.
- Insider Risk ManagementMicrosoft Purview's product for detecting risky internal behaviour like data theft, IP leakage, and policy violations.
- IntuneMicrosoft's cloud endpoint management service for Windows, Mac, iOS, and Android devices.
- ISO 27001The international standard for information security management systems — Microsoft 365 is certified globally.
J
K
L
- Legacy AuthenticationOld authentication protocols (basic auth POP/IMAP/SMTP, Exchange ActiveSync basic) that bypass modern security controls.
- LicenseA Microsoft 365 subscription seat assigned to a user, granting access to services.
- Lifecycle WorkflowMicrosoft Entra ID Governance feature that automates joiner-mover-leaver tasks based on user attributes.
M
- Mailbox AuditPer-mailbox logging of administrative and user actions on Exchange Online mailboxes.
- MailTipA short notification shown to email senders before they send — about recipient status, group size, external sharing, etc.
- MAM-WEMobile Application Management without enrolment — protecting corporate data inside apps on personal devices.
- MDMMobile Device Management — controlling and configuring the entire device, contrasted with MAM's app-only scope.
- Message CenterMicrosoft 365's stream of announcements about upcoming changes, feature deprecations, and admin actions.
- Message RecallThe Outlook feature for retracting an already-sent email — modern cloud-based, more reliable than the legacy version.
- Message TraceExchange Online's tool for tracking individual email messages through the delivery pipeline.
- MFAMulti-factor authentication — proving identity with more than just a password.
- MFA FatigueAn attack pattern where attackers spam MFA prompts to a victim until they approve out of frustration.
- Microsoft 365Microsoft's subscription bundle of Office apps and cloud productivity services.
- Microsoft 365 AppsThe installable Office desktop applications — Word, Excel, PowerPoint, Outlook, OneNote — delivered as a subscription.
- Microsoft 365 Business PremiumThe flagship Microsoft 365 plan for organisations under 300 users, with security and device management.
- Microsoft 365 Business StandardA mid-tier Microsoft 365 plan for SMBs with Office desktop apps but without device management or advanced security.
- Microsoft 365 Developer ProgramA free developer subscription providing a Microsoft 365 E5 tenant with sample data for testing and development.
- Microsoft 365 E3The standard enterprise Microsoft 365 plan with Office, identity, device management, and basic security.
- Microsoft 365 E5The premium enterprise Microsoft 365 plan with the full Defender, Purview, and analytics stack.
- Microsoft 365 F3The frontline Microsoft 365 plan for deskless, shift-based workers with mobile-first Microsoft 365 features.
- Microsoft 365 RoadmapMicrosoft's public list of features in development, rolling out, or recently launched across Microsoft 365.
- Microsoft 365 SubstrateThe Microsoft-internal storage and indexing layer that backs Microsoft 365 services and powers Microsoft Search and Copilot grounding.
- Microsoft BookingsThe appointment scheduling app in Microsoft 365 — branded booking pages backed by Exchange calendars.
- Microsoft FabricMicrosoft's unified data platform that subsumes Power BI and the rest of the Azure data stack.
- Microsoft FormsMicrosoft's browser-based survey, quiz, and poll tool, integrated across Microsoft 365.
- Microsoft GraphThe unified REST API for accessing Microsoft 365 data and capabilities.
- Microsoft Graph ToolkitA collection of pre-built UI components that wrap Microsoft Graph for fast app development.
- Microsoft LoopMicrosoft's collaborative document and components platform — pages built from reusable, real-time blocks.
- Microsoft PlannerThe unified task and project management app in Microsoft 365 — combining To Do, classic Planner, and Project for the Web.
- Microsoft PrivaMicrosoft's data privacy management product — privacy risk and subject rights requests across Microsoft 365.
- Microsoft ProjectMicrosoft's project management product line for serious schedules, dependencies, and portfolios.
- Microsoft PurviewMicrosoft's unified data governance, compliance, and risk management brand.
- Microsoft SearchThe unified search experience across Microsoft 365 apps, indexing Microsoft 365 content plus connected third-party sources.
- Microsoft SentinelMicrosoft's cloud-native SIEM and SOAR, integrated with Microsoft Defender XDR.
- Microsoft StreamMicrosoft's video platform in Microsoft 365 — now built on SharePoint and OneDrive.
- Microsoft SyntexMicrosoft's content AI service for SharePoint — document understanding, content assembly, and processing.
- Microsoft To DoMicrosoft's personal task list app, now folded into Microsoft Planner as "My Tasks."
- Microsoft TunnelA VPN gateway for Intune-managed mobile devices providing per-app VPN access to on-prem resources.
- Microsoft VisioMicrosoft's diagramming application for flowcharts, network diagrams, floor plans, and process maps.
- Microsoft WhiteboardMicrosoft's collaborative digital whiteboard for brainstorming and visual collaboration.
- Model-Driven AppA Power Apps application generated from a Dataverse data model, with consistent UI and built-in CRUD.
- Modern AuthenticationOAuth 2.0-based authentication in Microsoft 365, supporting MFA, Conditional Access, and tokenized sign-in.
- MTA-STSSMTP MTA Strict Transport Security — a DNS policy that requires TLS for inbound mail to a domain.
- Multi-GeoA Microsoft 365 capability that stores user data in multiple geographic regions per user within a single tenant.
N
- Nested GroupsA group structure where one group is a member of another — supported with caveats in Microsoft Entra ID.
- New OutlookThe web-based Outlook for Windows that's progressively replacing classic Outlook.
- NPS ExtensionA Microsoft Entra extension for Windows Network Policy Server that adds MFA to RADIUS authentications.
- Number MatchingA Microsoft Authenticator MFA mode requiring the user to enter a number shown on the sign-in screen.
O
- OAuthThe open authorisation standard underlying modern authentication in Microsoft 365 and most cloud services.
- Office 365The former name of Microsoft 365's productivity service line, still used in some plan SKUs.
- Office Cloud PolicyA cloud service that applies Office app policies to users regardless of device, replacing per-device Group Policy.
- Office Deployment ToolA Microsoft command-line tool for downloading and installing Microsoft 365 Apps with fine-grained control.
- OMEOffice 365 Message Encryption — Microsoft's email encryption service for sending protected mail to internal and external recipients.
- On-Premises Data GatewayA small Windows service that lets Power Platform and Power BI access on-premises data sources securely.
- OneDriveMicrosoft's personal cloud file storage for Microsoft 365 users.
- OneDrive Known FolderA Windows folder that OneDrive can redirect into cloud storage — Desktop, Documents, Pictures.
- OneNoteMicrosoft's free-form note-taking app, organised into notebooks, sections, and pages.
- Operator ConnectA Teams Phone connectivity option where a Microsoft-certified telecoms operator provides PSTN connectivity.
- OST FileThe local cached copy of an Exchange mailbox in classic Outlook for Windows.
- OutlookMicrosoft's email and calendar client, available on Windows, Mac, web, and mobile.
P
- Pass-Through AuthenticationA hybrid identity authentication method that validates passwords against on-prem AD without syncing hashes.
- PasskeyA phishing-resistant FIDO2 credential stored in an OS keychain, browser, or authenticator app.
- Password Hash SyncA hybrid identity authentication method that synchronises password hashes from AD to Entra ID for cloud-side authentication.
- Password SprayA brute-force attack pattern where attackers try common passwords against many accounts to evade lockouts.
- Password WritebackAn Entra Connect / Cloud Sync feature that syncs password changes from Entra ID back to on-premises Active Directory.
- PCI-DSSThe Payment Card Industry Data Security Standard — rules for organisations handling credit card data.
- PIMPrivileged Identity Management — just-in-time, time-bound activation of admin roles in Microsoft Entra ID.
- PnP PowerShellA community/Microsoft-supported PowerShell module for managing SharePoint Online and Microsoft 365.
- Power AppsMicrosoft's low-code platform for building business applications.
- Power AutomateMicrosoft's low-code workflow automation tool, part of the Power Platform.
- Power BIMicrosoft's business analytics platform for reports, dashboards, and semantic models.
- Power FxThe Excel-like formula language used across Power Apps, Power Automate, and other Power Platform tools.
- Power PagesMicrosoft's low-code platform for external-facing websites backed by Dataverse.
- Power PlatformMicrosoft's low-code platform family — Power Apps, Power Automate, Power BI, Power Pages, and Copilot Studio.
- PowerPointMicrosoft's presentation software for slides, meetings, and animated decks.
- Preservation HoldA hidden location where Microsoft 365 stores content that's been deleted but is subject to retention or legal hold.
- Preset Security PoliciesMicrosoft-recommended bundles of Defender for Office 365 settings — Standard and Strict — for fast secure deployment.
- Private ChannelA Microsoft Teams channel visible only to a subset of the parent team's members.
- Proxy AddressAn alternative email address routed to the same Exchange mailbox, configured as a secondary SMTP alias.
Q
R
- Retention LabelA Microsoft Purview label applied to individual files or emails defining retention rules at the item level.
- Retention PolicyA Microsoft Purview policy that keeps or deletes content for a specified period.
- Role-Based Access ControlThe pattern of granting access via named roles rather than direct user permissions — used across Microsoft 365.
- Room ListAn Exchange Online distribution group of room mailboxes used by Outlook's Room Finder for grouping rooms by building or floor.
- Row-Level SecurityA Power BI feature that filters which rows of a semantic model each user can see based on DAX expressions.
S
- SaaSSoftware as a Service — applications delivered over the internet by a vendor, rather than installed on your own servers.
- Safe AttachmentsA Defender for Office 365 feature that detonates email attachments in a sandbox before delivery.
- Safe LinksA Defender for Office 365 feature that rewrites URLs and validates them at click time.
- SAMLSecurity Assertion Markup Language — an XML-based standard for federated single sign-on.
- SCIMSystem for Cross-domain Identity Management — an open standard for automating user lifecycle across systems.
- Secure ScoreMicrosoft's numeric score of a tenant's security posture, with prioritised improvement actions.
- Security DefaultsA free pre-configured security baseline for Microsoft Entra ID tenants that haven't deployed Conditional Access.
- Semantic ModelA Power BI / Microsoft Fabric reusable data model with tables, relationships, measures, and calculations.
- Send AsAn Exchange permission letting a delegated user send email as if they were the mailbox owner.
- Send on BehalfAn Exchange permission letting a delegated user send email with attribution to the mailbox owner.
- Sensitive Information TypeA Microsoft Purview pattern definition for detecting specific kinds of sensitive content like credit cards or SSNs.
- Sensitivity LabelsMicrosoft Purview labels that classify, protect, and govern files, emails, and containers.
- Service HealthThe Microsoft 365 admin center dashboard showing current and historical service incidents.
- Service PlanAn individual capability bundled inside a Microsoft 365 licence — Exchange Online, SharePoint, Teams, etc.
- Service PrincipalThe instance of an application inside a specific Entra ID tenant, with its own permissions and identity.
- Shared ChannelA Microsoft Teams channel that can include members from other Microsoft 365 tenants.
- Shared Computer ActivationA Microsoft 365 Apps licensing mode for multi-user environments like VDI, Windows 365, and Azure Virtual Desktop.
- Shared MailboxAn Exchange Online mailbox that multiple users can read and send from, with no licence per user.
- SharePointMicrosoft's web platform for shared document libraries, team sites, and intranet portals.
- Sign-in LogMicrosoft Entra ID's record of every authentication attempt, with detail on conditions, MFA, and risk.
- Site CollectionA SharePoint top-level site and its subsites, sharing permissions, content types, and storage.
- Smart LockoutAn Entra ID feature that locks out attackers attempting credential brute-force while keeping legitimate users signed in.
- SOC 2A widely-recognised audit framework for service-organisation security and trust controls — Microsoft 365 is SOC 2 audited.
- Solution (Power Platform)A Power Platform packaging unit containing apps, flows, tables, and other components for deployment between environments.
- SPFSender Policy Framework — a DNS record that lists which servers are allowed to send mail for a domain.
- SPFxThe SharePoint Framework — Microsoft's modern client-side development model for extending SharePoint and Microsoft 365.
- SSOSingle sign-on — authenticate once to an identity provider, get access to many apps without re-prompting.
- SSPRSelf-service password reset — Microsoft Entra ID's feature letting users reset their own passwords.
T
- Targeted ReleaseThe Microsoft 365 release ring where features arrive earlier than Standard Release, for IT preview.
- TeamsMicrosoft's chat, meetings, and collaboration app — the front door to Microsoft 365.
- Teams Admin CenterThe web-based admin portal for Microsoft Teams configuration and management.
- Teams App PolicyA Teams admin policy controlling which apps users can install or have pinned in Microsoft Teams.
- Teams PhoneMicrosoft Teams as a full business phone system — calls, voicemail, auto attendants, call queues.
- Teams PolicyA per-user configuration governing what users can do in Microsoft Teams — meetings, messaging, apps, voice.
- Teams PremiumA paid add-on bundle of advanced Microsoft Teams features for meetings, webinars, and protection.
- Teams RoomsMicrosoft's solution for video conferencing in physical meeting rooms with one-touch Teams join.
- Teams Rooms ProThe premium licence tier for Microsoft Teams Rooms with advanced features and fleet management.
- Teams ToolkitMicrosoft's developer extension for Visual Studio Code that simplifies building Teams and Microsoft 365 apps.
- Temporary Access PassA time-limited Entra ID passcode used for first-time sign-in or recovery when other methods aren't available.
- TenantAn isolated instance of Microsoft 365 belonging to a single organisation.
- Tenant IDThe globally unique GUID identifying a Microsoft 365 / Entra ID tenant in APIs and configurations.
- Tenant RestrictionsMicrosoft Entra controls preventing users on your network from signing into other tenants — for data-exfiltration prevention.
- Token ProtectionA Conditional Access capability that binds access tokens to specific devices, blocking token replay from elsewhere.
- Trainable ClassifierA Microsoft Purview ML model trained on examples to identify a category of content like contracts, source code, or healthcare records.
- Transport RulesExchange Online mail flow rules that act on every message passing through the tenant.
U
V
- Viva AmplifyA Microsoft Viva module for orchestrating internal corporate communications campaigns.
- Viva ConnectionsThe personalised modern intranet experience inside Microsoft Teams, built on SharePoint communication sites.
- Viva EngageMicrosoft's enterprise social network — the rebranded successor to Yammer.
- Viva GlintMicrosoft Viva's employee engagement survey product — formal full-scale engagement and pulse surveys.
- Viva GoalsMicrosoft's OKR (Objectives and Key Results) management tool, integrated with the rest of Microsoft 365.
- Viva InsightsMicrosoft's productivity and well-being analytics service, built from Microsoft 365 telemetry.
- Viva LearningMicrosoft's central learning surface inside Teams, aggregating content from many providers.
- Viva PulseA lightweight feedback tool in Viva for managers to gather quick team input on focused questions.
W
- WebhookA push notification pattern where an external system POSTs to your endpoint when an event occurs.
- Windows 365Microsoft's cloud PC service — a fixed-price Windows desktop streamed from the cloud.
- Windows Hello for BusinessA Microsoft passwordless authentication method binding identity to a specific Windows device, unlocked by biometrics or PIN.
- WordMicrosoft's word processor, available as a desktop, web, and mobile app.
- WorkspaceA Power BI / Microsoft Fabric container for reports, semantic models, dataflows, and other content with shared access.