Microsoft Security SC-500 glossary of cloud and AI security, logging, threat defense, and control terms.
Use this glossary when Microsoft Cloud and AI Security Engineer route (SC-500) terms start to blur together. The goal is practical recognition, not encyclopedia coverage.
| Term | Exam meaning |
|---|---|
| Microsoft Entra ID | Microsoft identity platform used for users, apps, groups, and access control. |
| Defender | Microsoft security product family for workload, endpoint, cloud, and posture protection. |
| Sentinel | Microsoft SIEM and SOAR service for security analytics and response automation. |
| Key Vault | Azure service for secrets, keys, certificates, and controlled access to sensitive material. |
| Conditional access | Policy-based access control using signals such as user, device, risk, and location. |
| AI data boundary | The scope controlling where prompt, retrieval, model, and output data can flow. |
| Pair | How to separate them |
|---|---|
| Identity and access vs Cloud posture and governance | Ask which layer the scenario is testing, then match the answer to that layer only. |
| Control vs evidence | A control changes behavior; evidence proves behavior or supports investigation. |
| Managed service vs custom build | Managed services win for lower operational effort unless the requirement needs unsupported customization. |
| Prevention vs detection | Prevention blocks or reduces a bad event; detection finds or reports that it happened. |
Do not memorize terms in isolation. For each term, write one scenario where it is the best answer, one scenario where it is a distractor, and one signal that proves it worked.