Defender for Cloud glossary
This glossary provides a brief description of important terms and concepts for the Microsoft Defender for Cloud platform. Select the Learn more links to go to related terms in the glossary. This glossary can help you to learn and use the product tools quickly and effectively.
A
AAC
Adaptive application controls are an intelligent and automated solution for defining allowlists of known-safe applications for your machines. See Adaptive Application Controls.
Microsoft Entra ID
Microsoft Entra ID is a cloud-based identity and access management service. See Adaptive Application Controls.
ACR Tasks
A suite of features within Azure container registry. See Frequently asked questions - Azure Container Registry.
Adaptive network hardening
Adaptive network hardening provides recommendations to further harden the network security groups (NSG) rules. See What is Adaptive Network Hardening?.
ADO
Azure DevOps provides developer services for allowing teams to plan work, collaborate on code development, and build and deploy applications. See What is Azure DevOps?
AKS
Azure Kubernetes Service, Microsoft's managed service for developing, deploying, and managing containerized applications. See Kubernetes concepts.
Alerts
Alerts defend your workloads in real-time so you can react immediately and prevent security events from developing. See Security alerts and incidents.
ANH
Adaptive network hardening. Learn how to improve your network security posture with adaptive network hardening.
APT
Advanced Persistent Threats See the video: Understanding APTs.
Arc-enabled Kubernetes
Azure Arc-enabled Kubernetes allows you to attach and configure Kubernetes clusters running anywhere. You can connect your clusters running on other public cloud providers or clusters running on your on-premises data center. See What is Azure Arc-enabled Kubernetes.
ARG
Azure Resource Graph-an Azure service designed to extend Azure Resource Management by providing resource exploration with the ability to query at scale across a given set of subscriptions so that you can effectively govern your environment. See Azure Resource Graph Overview.
ARM
Azure Resource Manager-the deployment and management service for Azure. See Azure Resource Manager overview.
ASB
Azure Security Benchmark provides recommendations on how you can secure your cloud solutions on Azure. See Azure Security Benchmark.
Attack Path Analysis
A graph-based algorithm that scans the cloud security graph, exposes attack paths and suggests recommendations as to how best remediate issues that break the attack path and prevent successful breach. See What is attack path analysis?.
Auto-provisioning
To make sure that your server resources are secure, Microsoft Defender for Cloud uses agents installed on your servers to send information about your servers to Microsoft Defender for Cloud for analysis. You can use auto provisioning to deploy the Azure Monitor Agent on your servers. Learn how to configure auto provision.
Azure Policy for Kubernetes
A pod that extends the open-source Gatekeeper v3 and registers as a web hook to Kubernetes admission control making it possible to apply at-scale enforcements, and safeguards on your clusters in a centralized, consistent manner. It's deployed as an AKS add-on in AKS clusters and as an Arc extension in Arc enabled Kubernetes clusters. For more information, see Protect your Kubernetes workloads and Understand Azure Policy for Kubernetes clusters.
B
Bicep
Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse. See Bicep tutorial.
Blob storage
Azure Blob Storage is the high scale object storage service for Azure and a key building block for data storage in Azure. See what is Azure blob storage?.
C
Cacls
Change access control list, Microsoft Windows native command-line utility often used for modifying the security permission on folders and files. See Access control lists.
CIS Benchmark
(Kubernetes) Center for Internet Security benchmark. See CIS.
Cloud security graph
The cloud security graph is a graph-based context engine that exists within Defender for Cloud. The cloud security graph collects data from your multicloud environment and other data sources. See What is the cloud security graph?.
CORS
Cross origin resource sharing, an HTTP feature that enables a web application running under one domain to access resources in another domain. See CORS.
CNAPP
Cloud Native Application Protection Platform. See Build cloud native applications in Azure.
CNCF
Cloud Native Computing Foundation. Learn how to build CNCF projects by using Azure Kubernetes service.
CSPM
Cloud Security Posture Management. See Cloud Security Posture Management (CSPM).
CWPP
Cloud Workload Protection Platform. See CWPP.
D
Data Aware Security Posture
Data-aware security posture automatically discovers datastores containing sensitive data, and helps reduce risk of data breaches. Learn about data-aware security posture.
Defender sensor
The DaemonSet that is deployed on each node, collects signals from hosts using eBPF technology, and provides runtime protection. The sensor is registered with a Log Analytics workspace, and used as a data pipeline. However, the audit log data isn't stored in the Log Analytics workspace. It's deployed under AKS Security profile in AKS clusters and as an Arc extension in Arc enabled Kubernetes clusters. For more information, see Architecture for each Kubernetes environment.
DDOS Attack
Distributed denial-of-service, a type of attack where an attacker sends more requests to an application than the application is capable of handling. See DDOS FAQs.
E
EASM
External Attack Surface Management. See EASM Overview.
EDR
Endpoint Detection and Response. See Microsoft Defender for Endpoint.
EKS
Amazon Elastic Kubernetes Service, Amazon's managed service for running Kubernetes on AWS without needing to install, operate, and maintain your own Kubernetes control plane or nodes. SeeEKS.
eBPF
Extended Berkeley Packet Filter What is eBPF?
F
FIM
File Integrity Monitoring. Learn about (file Integrity Monitoring in Microsoft Defender for Cloud.
FTP
File Transfer Protocol. Learn how to Deploy content using FTP.
G
GCP
Google Cloud Platform. Learn how to onboard a GPC Project.
GKE
Google Kubernetes Engine, Google's managed environment for deploying, managing, and scaling applications using GCP infrastructure.|Deploy a Kubernetes workload using GPU sharing on your Azure Stack Edge Pro.
Governance
A set of rules and policies adopted by companies that run services in the cloud. The goal of cloud governance is to enhance data security, manage risk, and enable the smooth operation of cloud systems.Governance Overview.
I
IaaS
Infrastructure as a service, a type of cloud computing service that offers essential compute, storage, and networking resources on demand, on a pay-as-you-go basis. What is IaaS?.
IAM
Identity and Access management. Introduction to IAM.
J
JIT
Just-in-Time VM access. Understanding just-in-time (JIT) VM access.
K
Kill Chain
The series of steps that describe the progression of a cyberattack from reconnaissance to data exfiltration. Defender for Cloud's supported kill chain intents are based on the MITRE ATT&CK matrix. MITRE Attack Matrix.
KQL
Kusto Query Language - a tool to explore your data and discover patterns, identify anomalies and outliers, create statistical modeling, and more. KQL Overview.
L
LSA
Local Security Authority. Learn about secure and use policies on virtual machines in Azure.
M
MCSB
Microsoft Cloud Security Benchmark. See MCSB in Defender for Cloud.
MDC
Microsoft Defender for Cloud is a Cloud Security Posture Management (CSPM) and Cloud Workload Protection Platform (CWPP) for all of your Azure, on-premises, and multicloud (Amazon AWS and Google GCP) resources. What is Microsoft Defender for Cloud?.
MDE
Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to help enterprise networks prevent, detect, investigate, and respond to advanced threats. Protect your endpoints with Defender for Cloud's integrated EDR solution: Microsoft Defender for Endpoint.
MDVM
Microsoft Defender Vulnerability Management. Learn how to enable vulnerability scanning with Microsoft Defender Vulnerability Management.
MFA
Multifactor authentication, a process in which users are prompted during the sign-in process for an extra form of identification, such as a code on their cellphone or a fingerprint scan.How it works: Azure multifactor authentication.
MITRE ATT&CK
A globally accessible knowledge base of adversary tactics and techniques based on real-world observations. MITRE ATT&CK.
MMA
Microsoft Monitoring Agent, also known as Log Analytics Agent|Log Analytics Agent Overview.
N
NGAV
Next Generation Anti-Virus
NIST
National Institute of Standards and Technology. See National Institute of Standards and Technology.
NSG
Network Security Group. Learn about network security groups (NSGs).
P
PaaS
Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise applications. What is PaaS?.
R
RaMP
Rapid Modernization Plan, guidance based on initiatives, giving you a set of deployment paths to more quickly implement key layers of protection. Learn about Zero Trust Rapid Modernization Plan.
RBAC
Azure role-based access control (Azure RBAC) helps you manage who has access to Azure resources, what they can do with those resources, and what areas they have access to. RBAC Overview.
RDP
Remote Desktop Protocol (RDP) is a sophisticated technology that uses various techniques to perfect the server's remote graphics' delivery to the client device. RDP Bandwidth Requirements.
Recommendations
Recommendations secure your workloads with step-by-step actions that protect your workloads from known security risks. What are security policies, initiatives, and recommendations?.
Regulatory Compliance
Regulatory compliance refers to the discipline and process of ensuring that a company follows the laws enforced by governing bodies in their geography or rules required. Regulatory Compliance Overview.
S
SAS
Shared access signature that provides secure delegated access to resources in your storage account.Storage SAS Overview.
SaaS
Software as a service (SaaS) allows users to connect to and use cloud-based apps over the Internet. Common examples are email, calendaring, and office tools (such as Microsoft Office 365). SaaS provides a complete software solution that you purchase on a pay-as-you-go basis from a cloud service provider.What is SaaS?.
Secure Score
Defender for Cloud continually assesses your cross-cloud resources for security issues. It then aggregates all the findings into a single score that represents your current security situation: the higher the score, the lower the identified risk level. Learn more about security posture for Microsoft Defender for Cloud.
Security Alerts
Security alerts are the notifications generated by Defender for Cloud and Defender for Cloud plans when threats are identified in your cloud, hybrid, or on-premises environment.What are security alerts?
Security Initiative
A collection of Azure Policy Definitions, or rules that are grouped together towards a specific goal or purpose. What are security policies, initiatives, and recommendations?
Security Policy
An Azure rule about specific security conditions that you want controlled.Understanding Security Policies.
SIEM
Security Information and Event Management. What is SIEM?
SOAR
Security Orchestration Automated Response, a collection of software tools designed to collect data about security threats from multiple sources and respond to low-level security events without human assistance. Learn more about SOAR.
T
TVM
Threat and Vulnerability Management, a built-in module in Microsoft Defender for Endpoint that can discover vulnerabilities and misconfigurations in near real time and prioritize vulnerabilities based on the threat landscape and detections in your organization.Investigate weaknesses with Microsoft Defender for Endpoint's threat and vulnerability management.
W
WAF
Web Application Firewall (WAF) provides centralized protection of your web applications from common exploits and vulnerabilities. Learn more about WAF.
Z
Zero-Trust
A new security model that assumes breach and verifies each request as though it originated from an uncontrolled network. Learn more about Zero-Trust Security.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for