M
Solving Microsoft 365
Guides
Glossary
Glossary
The Microsoft 365 vocabulary, in plain English. 233 terms.
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
Z
A
Adaptive Scope
A Microsoft Purview scoping mechanism that uses queries over Entra ID attributes to dynamically include users, mailboxes, or sites.
Admin Center
The Microsoft 365 admin center at admin.microsoft.com — the primary tenant-level admin portal.
AI Builder
The low-code AI service in the Power Platform — document processing, prediction, and language models.
App Consent Policy
An Entra ID policy controlling which OAuth permissions users can consent to grant to applications.
Application Permissions
OAuth permissions where an app acts on its own without a user context, with access to the entire tenant scope.
ARC
Authenticated Received Chain — an email authentication standard that preserves DMARC trust through legitimate forwarders.
Attack Surface Reduction
A Microsoft Defender for Endpoint feature with granular rules that block common attack techniques on Windows endpoints.
Audit Log
Microsoft Purview's unified audit log of administrative and user actions across Microsoft 365.
Authentication Method
A way to prove identity in Entra ID — password, Authenticator app, FIDO2 key, passkey, Windows Hello, certificate.
Autopilot
Microsoft's zero-touch provisioning service for new Windows devices.
Azure AD
The former name for Microsoft Entra ID, Microsoft's cloud identity service.
Azure Information Protection
The former name for Microsoft Purview's sensitivity labelling and information protection capabilities.
Azure Key Vault
Microsoft's cloud key, secret, and certificate management service — used by Microsoft 365 features like Customer Key.
Azure Virtual Desktop
Microsoft's flexible cloud VDI service for hosting Windows desktops and remote apps in Azure.
B
B2B Collaboration
Microsoft Entra ID's mechanism for inviting external partners into your tenant as guests.
B2C
Microsoft's customer identity model for external apps — formerly Azure AD B2C, now Microsoft Entra External ID.
BIMI
Brand Indicators for Message Identification — a DNS record that displays your brand logo in supported email clients.
Bring Your Own Key
An encryption model where the customer provides the root key — also called BYOK or HYOK in stricter variants.
Business Continuity
Maintaining critical business functions during and after disruption — including Microsoft 365 service incidents.
C
Call Queue
A Teams Phone feature that distributes inbound calls across a group of agents with hold music and routing rules.
Canvas App
A Power Apps application designed visually with drag-and-drop controls and Power Fx formulas.
Cloud PC
A Windows 365 cloud-hosted Windows desktop streamed to any device.
Compliance Center
The legacy name for the Microsoft Purview compliance portal.
Compliant Network
A Conditional Access location condition requiring sign-ins to come through a known corporate network egress.
Conditional Access
Microsoft Entra's policy engine for allowing, blocking, or stepping up authentication based on signals.
Conditional Access App Control
A Microsoft Entra and Defender for Cloud Apps feature that proxies session traffic for real-time session controls.
Conditional Launch
Intune app protection policy settings that block app sign-in based on device or app state.
Consent Phishing
An attack pattern where users are tricked into granting OAuth permissions to a malicious application.
Content Search
Microsoft Purview's keyword search across Microsoft 365 content for compliance and investigation.
Content Type
A SharePoint definition bundling columns, behaviour, and metadata for a category of content.
Continuous Access Evaluation
A Microsoft Entra ID feature that revokes access tokens in near real time when risk signals change.
Copilot
Microsoft 365 Copilot — the generative-AI assistant integrated across the Microsoft 365 apps.
Copilot Chat
The standalone Microsoft 365 Copilot conversational interface — free web-grounded tier and paid tenant-grounded tier.
Copilot Pages
A Microsoft 365 Copilot capability that turns Copilot responses into editable, shareable Loop pages.
Copilot Studio
Microsoft's low-code platform for building custom Copilots and AI agents.
Cross-Tenant Access Settings
Microsoft Entra ID configuration for trust between Microsoft 365 tenants — B2B, shared channels, multi-tenant collaboration.
Customer Key
A Microsoft 365 service-encryption option where the customer provides and controls the encryption keys.
Customer Lockbox
A Microsoft 365 feature requiring customer approval before Microsoft engineers can access tenant content.
D
Dataflow
A reusable cloud-hosted Power Query data preparation flow in Power BI, Microsoft Fabric, or Power Platform.
Dataverse
Microsoft's relational database service behind the Power Platform and Dynamics 365.
DAX
Data Analysis Expressions — the formula and query language for Power BI, Microsoft Fabric, and Analysis Services.
Defender
Microsoft's family of threat-protection products, unified under Microsoft Defender XDR.
Defender for Cloud
Microsoft's cloud workload protection platform for Azure, AWS, and GCP resources.
Defender for IoT
Microsoft's security product for industrial control systems, operational technology, and IoT devices.
Defender XDR
Microsoft's unified extended detection and response portal that correlates signals across Defender products.
Delegated Permissions
OAuth permissions where an app acts on behalf of a signed-in user, inheriting that user's access rights.
Direct Routing
A Teams Phone connectivity option that uses your own Session Border Controller and SIP carrier.
Distribution List
An Exchange-side address list that fans out mail to its members' personal inboxes.
DKIM
DomainKeys Identified Mail — a DNS-based signing mechanism that proves email came from your domain.
DLP
Data loss prevention — Microsoft Purview policies that detect and act on sensitive data movement.
DMARC
Domain-based Message Authentication, Reporting and Conformance — the policy layer above SPF and DKIM.
E
eDiscovery
Microsoft Purview's toolset for finding, preserving, reviewing, and exporting content for legal cases and investigations.
Entitlement Management
A Microsoft Entra ID Governance feature for packaging and assigning access at scale via access packages.
Entra ID
Microsoft's cloud identity and access service — the directory behind every Microsoft 365 sign-in.
Entra ID P1
The Premium P1 tier of Microsoft Entra ID — Conditional Access, password writeback, dynamic groups, SaaS provisioning.
Entra ID P2
The Premium P2 tier of Microsoft Entra ID — Identity Protection, Privileged Identity Management, access reviews.
Environment (Power Platform)
A Power Platform container for apps, flows, agents, and Dataverse — the unit of isolation between projects and lifecycle stages.
EOP
Exchange Online Protection — the baseline anti-spam, anti-malware, and anti-phishing service included with Microsoft 365.
EU Data Boundary
Microsoft's commitment that EU customer data is processed within the European Union.
Excel
Microsoft's spreadsheet application — the deepest tool in the Office suite.
Exchange Admin Center
The web-based admin portal for Exchange Online configuration — mailboxes, mail flow, transport rules, and recipients.
Exchange Archive
A secondary Exchange Online mailbox that extends storage beyond the primary mailbox limit for an individual user.
Exchange Online
Microsoft's cloud-hosted email and calendaring service, included in Microsoft 365.
F
Fabric Capacity
The Microsoft Fabric resource unit (F-SKU) that provides shared compute for Power BI and Fabric workloads.
Federation
An authentication model where a trusted external identity provider authenticates users instead of the local directory.
FedRAMP
The US Federal Risk and Authorization Management Program — cloud security framework for US government cloud workloads.
FIDO2
A phishing-resistant authentication standard supported by Microsoft Entra ID via hardware keys and passkeys.
Files On-Demand
A OneDrive feature that shows synced files in the file system without downloading them until opened.
Focused Inbox
An Outlook feature that automatically separates important mail from low-priority mail using mailbox-side machine learning.
Frontline Worker
Microsoft's term for deskless, shift-based workers — retail, hospitality, healthcare, manufacturing — with specific Microsoft 365 plans.
G
GDAP
Granular Delegated Admin Privileges — the modern partner-to-customer access model for CSPs and MSPs.
GDPR
The EU General Data Protection Regulation — personal data privacy rules with major implications for Microsoft 365 deployments.
Graph Connector
A Microsoft Graph indexing connector that brings third-party content into Microsoft Search and Copilot grounding.
Graph Explorer
Microsoft's web-based tool for interactively testing Microsoft Graph API requests.
Group Writeback
An Entra Connect feature that writes cloud Microsoft 365 Groups back to on-premises Active Directory.
H
HIPAA
The US Health Insurance Portability and Accountability Act — health-data protection rules covered by Microsoft 365 with a BAA.
Hybrid Identity
Identity architecture where on-premises Active Directory and Microsoft Entra ID are kept in sync.
I
Identity Protection
Microsoft Entra ID's risk detection engine for compromised credentials and risky sign-ins.
Impossible Travel
A Microsoft Entra ID risk signal triggered by sign-ins from geographically distant locations in physically impossible timeframes.
Information Barriers
Microsoft Purview policies that prevent specific groups from communicating or collaborating across Microsoft 365.
Insider Risk Management
Microsoft Purview's product for detecting risky internal behaviour like data theft, IP leakage, and policy violations.
Intune
Microsoft's cloud endpoint management service for Windows, Mac, iOS, and Android devices.
ISO 27001
The international standard for information security management systems — Microsoft 365 is certified globally.
J
Journaling
An Exchange Online feature that captures copies of every email matching a rule for compliance archiving.
Just-in-Time Provisioning
An SSO pattern where user accounts in a target app are created automatically on first sign-in.
K
Known Folder Move
The OneDrive feature that redirects Desktop, Documents, and Pictures into OneDrive for automatic backup.
KQL
Kusto Query Language — Microsoft's query language for telemetry data across Defender XDR, Sentinel, and Azure Monitor.
L
Legacy Authentication
Old authentication protocols (basic auth POP/IMAP/SMTP, Exchange ActiveSync basic) that bypass modern security controls.
License
A Microsoft 365 subscription seat assigned to a user, granting access to services.
Lifecycle Workflow
Microsoft Entra ID Governance feature that automates joiner-mover-leaver tasks based on user attributes.
M
Mailbox Audit
Per-mailbox logging of administrative and user actions on Exchange Online mailboxes.
MailTip
A short notification shown to email senders before they send — about recipient status, group size, external sharing, etc.
MAM-WE
Mobile Application Management without enrolment — protecting corporate data inside apps on personal devices.
MDM
Mobile Device Management — controlling and configuring the entire device, contrasted with MAM's app-only scope.
Message Center
Microsoft 365's stream of announcements about upcoming changes, feature deprecations, and admin actions.
Message Recall
The Outlook feature for retracting an already-sent email — modern cloud-based, more reliable than the legacy version.
Message Trace
Exchange Online's tool for tracking individual email messages through the delivery pipeline.
MFA
Multi-factor authentication — proving identity with more than just a password.
MFA Fatigue
An attack pattern where attackers spam MFA prompts to a victim until they approve out of frustration.
Microsoft 365
Microsoft's subscription bundle of Office apps and cloud productivity services.
Microsoft 365 Apps
The installable Office desktop applications — Word, Excel, PowerPoint, Outlook, OneNote — delivered as a subscription.
Microsoft 365 Business Premium
The flagship Microsoft 365 plan for organisations under 300 users, with security and device management.
Microsoft 365 Business Standard
A mid-tier Microsoft 365 plan for SMBs with Office desktop apps but without device management or advanced security.
Microsoft 365 Developer Program
A free developer subscription providing a Microsoft 365 E5 tenant with sample data for testing and development.
Microsoft 365 E3
The standard enterprise Microsoft 365 plan with Office, identity, device management, and basic security.
Microsoft 365 E5
The premium enterprise Microsoft 365 plan with the full Defender, Purview, and analytics stack.
Microsoft 365 F3
The frontline Microsoft 365 plan for deskless, shift-based workers with mobile-first Microsoft 365 features.
Microsoft 365 Roadmap
Microsoft's public list of features in development, rolling out, or recently launched across Microsoft 365.
Microsoft 365 Substrate
The Microsoft-internal storage and indexing layer that backs Microsoft 365 services and powers Microsoft Search and Copilot grounding.
Microsoft Bookings
The appointment scheduling app in Microsoft 365 — branded booking pages backed by Exchange calendars.
Microsoft Fabric
Microsoft's unified data platform that subsumes Power BI and the rest of the Azure data stack.
Microsoft Forms
Microsoft's browser-based survey, quiz, and poll tool, integrated across Microsoft 365.
Microsoft Graph
The unified REST API for accessing Microsoft 365 data and capabilities.
Microsoft Graph Toolkit
A collection of pre-built UI components that wrap Microsoft Graph for fast app development.
Microsoft Loop
Microsoft's collaborative document and components platform — pages built from reusable, real-time blocks.
Microsoft Planner
The unified task and project management app in Microsoft 365 — combining To Do, classic Planner, and Project for the Web.
Microsoft Priva
Microsoft's data privacy management product — privacy risk and subject rights requests across Microsoft 365.
Microsoft Project
Microsoft's project management product line for serious schedules, dependencies, and portfolios.
Microsoft Purview
Microsoft's unified data governance, compliance, and risk management brand.
Microsoft Search
The unified search experience across Microsoft 365 apps, indexing Microsoft 365 content plus connected third-party sources.
Microsoft Sentinel
Microsoft's cloud-native SIEM and SOAR, integrated with Microsoft Defender XDR.
Microsoft Stream
Microsoft's video platform in Microsoft 365 — now built on SharePoint and OneDrive.
Microsoft Syntex
Microsoft's content AI service for SharePoint — document understanding, content assembly, and processing.
Microsoft To Do
Microsoft's personal task list app, now folded into Microsoft Planner as "My Tasks."
Microsoft Tunnel
A VPN gateway for Intune-managed mobile devices providing per-app VPN access to on-prem resources.
Microsoft Visio
Microsoft's diagramming application for flowcharts, network diagrams, floor plans, and process maps.
Microsoft Whiteboard
Microsoft's collaborative digital whiteboard for brainstorming and visual collaboration.
Model-Driven App
A Power Apps application generated from a Dataverse data model, with consistent UI and built-in CRUD.
Modern Authentication
OAuth 2.0-based authentication in Microsoft 365, supporting MFA, Conditional Access, and tokenized sign-in.
MTA-STS
SMTP MTA Strict Transport Security — a DNS policy that requires TLS for inbound mail to a domain.
Multi-Geo
A Microsoft 365 capability that stores user data in multiple geographic regions per user within a single tenant.
N
Nested Groups
A group structure where one group is a member of another — supported with caveats in Microsoft Entra ID.
New Outlook
The web-based Outlook for Windows that's progressively replacing classic Outlook.
NPS Extension
A Microsoft Entra extension for Windows Network Policy Server that adds MFA to RADIUS authentications.
Number Matching
A Microsoft Authenticator MFA mode requiring the user to enter a number shown on the sign-in screen.
O
OAuth
The open authorisation standard underlying modern authentication in Microsoft 365 and most cloud services.
Office 365
The former name of Microsoft 365's productivity service line, still used in some plan SKUs.
Office Cloud Policy
A cloud service that applies Office app policies to users regardless of device, replacing per-device Group Policy.
Office Deployment Tool
A Microsoft command-line tool for downloading and installing Microsoft 365 Apps with fine-grained control.
OME
Office 365 Message Encryption — Microsoft's email encryption service for sending protected mail to internal and external recipients.
On-Premises Data Gateway
A small Windows service that lets Power Platform and Power BI access on-premises data sources securely.
OneDrive
Microsoft's personal cloud file storage for Microsoft 365 users.
OneDrive Known Folder
A Windows folder that OneDrive can redirect into cloud storage — Desktop, Documents, Pictures.
OneNote
Microsoft's free-form note-taking app, organised into notebooks, sections, and pages.
Operator Connect
A Teams Phone connectivity option where a Microsoft-certified telecoms operator provides PSTN connectivity.
OST File
The local cached copy of an Exchange mailbox in classic Outlook for Windows.
Outlook
Microsoft's email and calendar client, available on Windows, Mac, web, and mobile.
P
Pass-Through Authentication
A hybrid identity authentication method that validates passwords against on-prem AD without syncing hashes.
Passkey
A phishing-resistant FIDO2 credential stored in an OS keychain, browser, or authenticator app.
Password Hash Sync
A hybrid identity authentication method that synchronises password hashes from AD to Entra ID for cloud-side authentication.
Password Spray
A brute-force attack pattern where attackers try common passwords against many accounts to evade lockouts.
Password Writeback
An Entra Connect / Cloud Sync feature that syncs password changes from Entra ID back to on-premises Active Directory.
PCI-DSS
The Payment Card Industry Data Security Standard — rules for organisations handling credit card data.
PIM
Privileged Identity Management — just-in-time, time-bound activation of admin roles in Microsoft Entra ID.
PnP PowerShell
A community/Microsoft-supported PowerShell module for managing SharePoint Online and Microsoft 365.
Power Apps
Microsoft's low-code platform for building business applications.
Power Automate
Microsoft's low-code workflow automation tool, part of the Power Platform.
Power BI
Microsoft's business analytics platform for reports, dashboards, and semantic models.
Power Fx
The Excel-like formula language used across Power Apps, Power Automate, and other Power Platform tools.
Power Pages
Microsoft's low-code platform for external-facing websites backed by Dataverse.
Power Platform
Microsoft's low-code platform family — Power Apps, Power Automate, Power BI, Power Pages, and Copilot Studio.
PowerPoint
Microsoft's presentation software for slides, meetings, and animated decks.
Preservation Hold
A hidden location where Microsoft 365 stores content that's been deleted but is subject to retention or legal hold.
Preset Security Policies
Microsoft-recommended bundles of Defender for Office 365 settings — Standard and Strict — for fast secure deployment.
Private Channel
A Microsoft Teams channel visible only to a subset of the parent team's members.
Proxy Address
An alternative email address routed to the same Exchange mailbox, configured as a secondary SMTP alias.
Q
Quarantine
The holding area for emails detected as spam, phishing, or malware by Exchange Online Protection and Defender for Office 365.
R
Retention Label
A Microsoft Purview label applied to individual files or emails defining retention rules at the item level.
Retention Policy
A Microsoft Purview policy that keeps or deletes content for a specified period.
Role-Based Access Control
The pattern of granting access via named roles rather than direct user permissions — used across Microsoft 365.
Room List
An Exchange Online distribution group of room mailboxes used by Outlook's Room Finder for grouping rooms by building or floor.
Row-Level Security
A Power BI feature that filters which rows of a semantic model each user can see based on DAX expressions.
S
SaaS
Software as a Service — applications delivered over the internet by a vendor, rather than installed on your own servers.
Safe Attachments
A Defender for Office 365 feature that detonates email attachments in a sandbox before delivery.
Safe Links
A Defender for Office 365 feature that rewrites URLs and validates them at click time.
SAML
Security Assertion Markup Language — an XML-based standard for federated single sign-on.
SCIM
System for Cross-domain Identity Management — an open standard for automating user lifecycle across systems.
Secure Score
Microsoft's numeric score of a tenant's security posture, with prioritised improvement actions.
Security Defaults
A free pre-configured security baseline for Microsoft Entra ID tenants that haven't deployed Conditional Access.
Semantic Model
A Power BI / Microsoft Fabric reusable data model with tables, relationships, measures, and calculations.
Send As
An Exchange permission letting a delegated user send email as if they were the mailbox owner.
Send on Behalf
An Exchange permission letting a delegated user send email with attribution to the mailbox owner.
Sensitive Information Type
A Microsoft Purview pattern definition for detecting specific kinds of sensitive content like credit cards or SSNs.
Sensitivity Labels
Microsoft Purview labels that classify, protect, and govern files, emails, and containers.
Service Health
The Microsoft 365 admin center dashboard showing current and historical service incidents.
Service Plan
An individual capability bundled inside a Microsoft 365 licence — Exchange Online, SharePoint, Teams, etc.
Service Principal
The instance of an application inside a specific Entra ID tenant, with its own permissions and identity.
Shared Channel
A Microsoft Teams channel that can include members from other Microsoft 365 tenants.
Shared Computer Activation
A Microsoft 365 Apps licensing mode for multi-user environments like VDI, Windows 365, and Azure Virtual Desktop.
Shared Mailbox
An Exchange Online mailbox that multiple users can read and send from, with no licence per user.
SharePoint
Microsoft's web platform for shared document libraries, team sites, and intranet portals.
Sign-in Log
Microsoft Entra ID's record of every authentication attempt, with detail on conditions, MFA, and risk.
Site Collection
A SharePoint top-level site and its subsites, sharing permissions, content types, and storage.
Smart Lockout
An Entra ID feature that locks out attackers attempting credential brute-force while keeping legitimate users signed in.
SOC 2
A widely-recognised audit framework for service-organisation security and trust controls — Microsoft 365 is SOC 2 audited.
Solution (Power Platform)
A Power Platform packaging unit containing apps, flows, tables, and other components for deployment between environments.
SPF
Sender Policy Framework — a DNS record that lists which servers are allowed to send mail for a domain.
SPFx
The SharePoint Framework — Microsoft's modern client-side development model for extending SharePoint and Microsoft 365.
SSO
Single sign-on — authenticate once to an identity provider, get access to many apps without re-prompting.
SSPR
Self-service password reset — Microsoft Entra ID's feature letting users reset their own passwords.
T
Targeted Release
The Microsoft 365 release ring where features arrive earlier than Standard Release, for IT preview.
Teams
Microsoft's chat, meetings, and collaboration app — the front door to Microsoft 365.
Teams Admin Center
The web-based admin portal for Microsoft Teams configuration and management.
Teams App Policy
A Teams admin policy controlling which apps users can install or have pinned in Microsoft Teams.
Teams Phone
Microsoft Teams as a full business phone system — calls, voicemail, auto attendants, call queues.
Teams Policy
A per-user configuration governing what users can do in Microsoft Teams — meetings, messaging, apps, voice.
Teams Premium
A paid add-on bundle of advanced Microsoft Teams features for meetings, webinars, and protection.
Teams Rooms
Microsoft's solution for video conferencing in physical meeting rooms with one-touch Teams join.
Teams Rooms Pro
The premium licence tier for Microsoft Teams Rooms with advanced features and fleet management.
Teams Toolkit
Microsoft's developer extension for Visual Studio Code that simplifies building Teams and Microsoft 365 apps.
Temporary Access Pass
A time-limited Entra ID passcode used for first-time sign-in or recovery when other methods aren't available.
Tenant
An isolated instance of Microsoft 365 belonging to a single organisation.
Tenant ID
The globally unique GUID identifying a Microsoft 365 / Entra ID tenant in APIs and configurations.
Tenant Restrictions
Microsoft Entra controls preventing users on your network from signing into other tenants — for data-exfiltration prevention.
Token Protection
A Conditional Access capability that binds access tokens to specific devices, blocking token replay from elsewhere.
Trainable Classifier
A Microsoft Purview ML model trained on examples to identify a category of content like contracts, source code, or healthcare records.
Transport Rules
Exchange Online mail flow rules that act on every message passing through the tenant.
U
Universal Print
Microsoft's cloud printing service for Microsoft 365 — print without on-prem print servers.
User Principal Name
The Entra ID identifier for a user, typically the user's primary email address, used for sign-in.
V
Viva Amplify
A Microsoft Viva module for orchestrating internal corporate communications campaigns.
Viva Connections
The personalised modern intranet experience inside Microsoft Teams, built on SharePoint communication sites.
Viva Engage
Microsoft's enterprise social network — the rebranded successor to Yammer.
Viva Glint
Microsoft Viva's employee engagement survey product — formal full-scale engagement and pulse surveys.
Viva Goals
Microsoft's OKR (Objectives and Key Results) management tool, integrated with the rest of Microsoft 365.
Viva Insights
Microsoft's productivity and well-being analytics service, built from Microsoft 365 telemetry.
Viva Learning
Microsoft's central learning surface inside Teams, aggregating content from many providers.
Viva Pulse
A lightweight feedback tool in Viva for managers to gather quick team input on focused questions.
W
Webhook
A push notification pattern where an external system POSTs to your endpoint when an event occurs.
Windows 365
Microsoft's cloud PC service — a fixed-price Windows desktop streamed from the cloud.
Windows Hello for Business
A Microsoft passwordless authentication method binding identity to a specific Windows device, unlocked by biometrics or PIN.
Word
Microsoft's word processor, available as a desktop, web, and mobile app.
Workspace
A Power BI / Microsoft Fabric container for reports, semantic models, dataflows, and other content with shared access.
Z
Zero Trust
A security model that verifies every access request explicitly, applies least privilege, and assumes breach.