Azure AZ-204 Glossary: Key Terms
March 30, 2026
Azure AZ-204 glossary of app services, storage, security, monitoring, and integration terms.
Use this glossary when Azure developer terms start to blur together. Keep it beside the cheat sheet and resources instead of turning it into a substitute for study.
| Term |
Short meaning |
| Managed identity |
Azure-managed identity for accessing resources without stored secrets |
| App registration |
Identity definition for an application in Microsoft Entra |
| Delegated permissions |
Permissions used when an app acts on behalf of a signed-in user |
| Application permissions |
Permissions used by an app acting as itself |
| Slot swap |
App Service deployment move between staging and production slots |
| SAS |
Shared Access Signature for time-limited storage access |
| Change feed |
Ordered stream of changes, commonly used with Cosmos DB |
| Dead-lettering |
Moving failed messages to a separate queue for review |
| Idempotent |
Safe to run repeatedly without causing inconsistent duplicate effects |
| APIM |
Azure API Management |
| Event-driven |
Triggered by events rather than by direct synchronous calls |
| KQL |
Kusto Query Language used in Azure monitoring and log analysis |
| User delegation SAS |
SAS signed with Microsoft Entra credentials for Blob or Data Lake access |
| Poison message |
Message that repeatedly fails processing and must be isolated or redirected |
| Retry policy |
Rules that control how and when failed work is retried |
| App setting |
Configuration value exposed to an Azure app at runtime |
| Availability test |
Synthetic check that probes an endpoint and reports health over time |
Commonly confused pairs
| Pair |
Keep this distinction clear |
| managed identity vs client secret |
Azure-managed workload identity versus stored credential |
| delegated vs application permissions |
act as user versus act as app |
| Event Grid vs Service Bus |
lightweight event routing versus durable messaging workflow |
| queue trigger vs HTTP trigger |
asynchronous background processing versus direct request handling |
| slot swap vs direct deploy |
safer staged promotion versus immediate live deployment |
| Event Hubs vs Service Bus |
event-stream ingestion versus durable business messaging |
| Application Insights vs Azure Monitor |
application-focused telemetry lens versus broader monitoring platform |
| SAS vs managed identity |
temporary scoped storage token versus identity-based resource access |
| APIM policy vs backend code |
gateway-side traffic behavior versus application logic |
If three terms blur together
| Blur cluster |
Keep this separation clear |
| Event Grid / Event Hubs / Service Bus |
reactive event routing / stream ingestion / durable messaging workflow |
| managed identity / client secret / SAS |
identity-based access / stored credential / scoped storage access token |
| App Service / Functions / Container Apps |
web-hosting PaaS / event-driven code / container-native app hosting |
| Application Insights / Azure Monitor / KQL |
app telemetry / broader monitoring platform / query language over the telemetry |
If the confusion is really about…
Revised on Sunday, May 10, 2026