Cloud & Microsoft 365Glossary

The entry-level Microsoft 365 business plan: web and mobile versions of Word, Excel, PowerPoint, and Outlook, plus Exchange Online (50 GB email), Teams, OneDrive (1 TB), and SharePoint. Does NOT include the installable desktop apps.

Why it matters: Right-fit for businesses where staff primarily use Office on the web or mobile and don't need the heavy desktop apps. Cheapest M365 tier per user but no Defender, Intune, or advanced security included.

Related: Exchange Online, Business Standard, M365 Apps for Business

Everything in Business Basic plus the installable desktop versions of Word, Excel, PowerPoint, Outlook, OneNote, and (on Windows) Access and Publisher. Same 50 GB mailbox and 1 TB OneDrive.

Why it matters: The most common M365 plan for small businesses. Right-fit when staff need full-featured desktop Office and Teams but you're handling security through other tools (or with a separate Defender add-on).

Related: Business Basic, Business Premium

Everything in Business Standard plus Defender for Office 365, Defender for Business (EDR), Intune device management, Entra ID Plan 1 (conditional access, MFA enforcement, self-service password reset), and Azure Information Protection.

Why it matters: The single best-value plan for small businesses that take security seriously. Bundling these features separately costs significantly more than the Premium tier. Often the right baseline for any business with 5+ users handling sensitive data.

Related: Defender for Office 365, Intune, Conditional Access, EDR, M365 Business Standard, M365 E3

The desktop Office apps (Word, Excel, PowerPoint, Outlook, OneNote) plus 1 TB OneDrive — but no Exchange Online email, no Teams, no SharePoint. A subscription replacement for buying perpetual Office licenses.

Why it matters: Useful when a business already has email hosted elsewhere (Google Workspace, a hosted Exchange provider) and just needs Microsoft Office on each user's computer. Mostly a stopgap; full Business Basic/Standard usually makes more sense.

Related: Business Basic

Enterprise-tier M365 plan for larger organizations (300+ seats typical). Includes desktop Office, Exchange Online (100 GB mailbox), Teams, SharePoint, OneDrive (5 TB+), Intune, Entra ID Plan 1, and Azure Information Protection — but not the full Defender suite or compliance tools.

Why it matters: E3 is the workhorse enterprise plan. Most large organizations start here, then add Defender / Sentinel / compliance add-ons separately as needed. Business Premium covers similar ground for smaller orgs at lower cost.

Related: E5, Business Premium

Everything in E3 plus the full Defender suite (Defender for Endpoint, Office 365, Identity, Cloud Apps), Microsoft Sentinel access, advanced compliance and eDiscovery, Power BI Pro, and Microsoft 365 Audio Conferencing.

Why it matters: The maximum-security M365 tier. Cost per user is significantly higher than E3, justified for regulated industries (healthcare, finance, legal) or organizations doing serious SOC operations through Microsoft tooling.

Related: E3, Sentinel, Defender for Office 365

Microsoft's cloud-hosted email service, included with most M365 business plans. Provides corporate email, calendars, contacts, and mailbox storage (50 GB standard, 100 GB enterprise) accessed via Outlook, web, or mobile.

Why it matters: If you have Microsoft 365 email, you're running on Exchange Online. Everything about your inbox — retention, mobile access, MFA enforcement, spam filtering — is configured through Exchange Online admin settings.

Related: Defender for Office 365, M365 Business Basic

Microsoft's cloud-hosted platform for team sites, document libraries, and company intranets. The storage backend for Microsoft Teams files. Where your shared business files actually live in M365.

Why it matters: Every Teams channel has a SharePoint document library behind it. If you've ever wondered "where did that Teams file go?" — it's in a SharePoint site. Knowing this changes how you think about file permissions and backup scope.

Related: Microsoft Teams, OneDrive for Business

Each M365 user's personal cloud storage — 1 TB by default, up to 5 TB on enterprise plans. Syncs files between the cloud and the user's devices. Distinct from SharePoint (which is team / shared storage); OneDrive is individual.

Why it matters: When an employee leaves, their OneDrive contents are at risk unless you grant a manager access before deactivating the account. Failure to do so means files disappear after the retention window closes.

Related: SharePoint Online

Microsoft's chat, video meeting, voice calling, and file collaboration platform. Built on top of SharePoint (for files) and Exchange (for calendar). Where most M365 customers' day-to-day work happens.

Why it matters: Teams is now Microsoft's primary collaboration surface. External-sharing settings, guest access, and meeting controls all matter for security — defaults are permissive and worth reviewing on rollout.

Related: SharePoint Online

A Microsoft 365 and Azure feature that decides whether to allow a login based on conditions — who's logging in, from where, on what device, at what time. Example: "only allow company-owned laptops to access Exchange, and always require MFA outside the office."

Why it matters: Conditional Access is one of the single most effective controls available in Microsoft 365. It stops credential-theft attacks even when the credentials are real, by refusing logins that come from unexpected places or devices. Requires Entra ID P1 (included in Business Premium and E3+).

Related: MFA, Zero Trust, Entra ID, M365 Business Premium

Microsoft's cloud-based mobile-device-management (MDM) and mobile-application-management (MAM) platform. Lets administrators enroll laptops, phones, and tablets — push security policies, install software, require encryption, remotely wipe lost devices.

Why it matters: Without Intune (or an equivalent), there's no way to enforce that employee laptops actually have disk encryption, current OS patches, or screen-lock policies — they're "trusted" because they're company-issued, with nothing actually proving it.

Related: Endpoint Protection, M365 Business Premium

Microsoft's add-on security service for Exchange Online and Teams: anti-phishing with impersonation protection, attachment sandboxing (Safe Attachments), link rewriting (Safe Links), and reporting on what threats it blocked. Comes bundled with Business Premium, E5, and as a standalone add-on.

Why it matters: Default Exchange Online filtering catches the obvious junk; Defender for Office 365 catches the targeted phish that's actually trying to break into YOUR business. The investigation and remediation tools are also where SOC analysts work.

Related: Phishing, BEC, Exchange Online, M365 Business Premium, M365 E5

Microsoft's AI assistant embedded in Word, Excel, PowerPoint, Outlook, and Teams. Drafts documents, summarizes long emails and meetings, analyzes spreadsheets in natural language. Per-user license add-on with strict requirements on tenant size and existing license tier.

Why it matters: Copilot grounds its answers in your actual M365 content — Exchange, SharePoint, OneDrive, Teams. That means it inherits your existing file permissions, but also that any over-shared file becomes much easier to find. Permissions hygiene matters BEFORE rolling Copilot out, not after.

Related: ChatGPT, Claude

A low-code platform for building automated workflows — "when a form is submitted, send an email and create a SharePoint item." Included with most M365 plans at a basic tier, with premium connectors (Salesforce, SAP, etc.) requiring add-on licenses.

Why it matters: Most companies underuse Power Automate. A well-built flow can replace hours of manual data shuffling each week. Common wins: invoice processing, new-employee onboarding tasks, approval routing.

Related: Workflow Automation

Microsoft's data-visualization and business-intelligence platform. Pulls data from Excel, databases, CRM, and other sources; produces interactive dashboards and reports. Free for personal use; Power BI Pro for sharing inside an organization; Premium for enterprise scale.

Why it matters: If your business is making decisions from gut feel or spreadsheet exports, a Power BI dashboard usually pays for itself the first time it surfaces something nobody noticed in the raw data.

An isolated container that represents your organization in Microsoft's cloud — the boundary inside which all your users, groups, subscriptions, and configuration live. Created automatically when you sign up for any Microsoft cloud service.

Why it matters: If your business has more than one tenant (often from mergers or one-off sign-ups), users can end up scattered across them, with separate identities and inconsistent policies. Tenant consolidation is non-trivial but matters for governance.

Related: Subscription, Entra ID

The billing and resource-grouping unit inside an Azure tenant. Each Azure resource (VM, storage, database) belongs to exactly one subscription. Subscriptions are how organizations separate environments (Production, Test, Dev) or business units for cost allocation.

Why it matters: Multiple subscriptions mean separate bills, separate quotas, and separate access control. The right number of subscriptions is a real architecture decision: too few and there's no isolation; too many and management gets painful.

Related: Tenant, Resource Group

A logical container in Azure for grouping resources that share a lifecycle — typically all the resources for a single application or environment. Deleting the resource group deletes everything inside it; permissions can be applied at the group level.

Why it matters: Get resource groups right and cleanup is one click. Get them wrong and you'll find orphaned resources accumulating cost for years after the project they served was retired.

Related: Subscription

A virtual computer running in an Azure data center — you choose the operating system, CPU, memory, and disk size; you pay for the time it's running. Functionally identical to a physical server in your office, except Microsoft owns the hardware.

Why it matters: Azure VMs replace on-premise servers for many small businesses. The math is rarely "obviously cheaper" — it's about flexibility, disaster recovery, and avoiding hardware refresh cycles. Right-sizing matters a lot.

Related: Right-Sizing, Endpoint Protection, IaaS

An Azure account that holds different types of stored data: files (file shares), blobs (object storage for media, backups), tables (NoSQL key-value), and queues (messaging). The underlying service for many other Azure features.

Why it matters: Most Azure backups, log archives, and static files end up in a Storage Account. Egress fees apply when downloading data out of Azure — worth understanding before designing a workflow that constantly reads from cloud storage.

Related: Egress Fees

Microsoft's cloud identity and access management service — formerly known as Azure Active Directory (Azure AD). The directory of users, groups, and devices used by Microsoft 365, Azure, and thousands of integrated SaaS applications.

Why it matters: Entra ID is the identity backbone of everything Microsoft. MFA, conditional access, SSO to other apps, and single-sign-on to your own apps all run through it. Entra ID P1 (in Business Premium / E3) unlocks the security features most businesses need.

Related: MFA, SSO, Conditional Access, Tenant

Microsoft's cloud-native SIEM (security information and event management) and SOAR (security orchestration, automation, and response) platform. Collects security data from Microsoft 365, Azure, and dozens of third-party sources; analyzes it for threats; supports automated response playbooks.

Why it matters: Sentinel is what Microsoft 365 E5 customers and many MSSPs use as their primary security data platform. The pricing model (per GB ingested) is unforgiving if you don't tune what gets sent in — analyst expertise matters.

Related: SIEM, SOC, M365 E5

Software you access over the internet and pay for as a subscription, rather than installing on your own computers. The provider handles the hosting, updates, and infrastructure. Examples: Microsoft 365, Salesforce, QuickBooks Online, Dropbox.

Why it matters: Most business software is now SaaS. Trade-off: less control over when updates happen and where data lives, in exchange for not having to run servers, manage backups, or patch software yourself.

Related: PaaS, IaaS, Multi-tenancy

Cloud services that provide a runtime environment for applications — you write the code, the provider manages the underlying servers, OS, and infrastructure. Examples: Azure App Service, Heroku, AWS Lambda. Sits between IaaS (you manage more) and SaaS (you manage less).

Why it matters: PaaS is what most modern web applications run on. For a business, this matters less directly — but if your vendor uses PaaS, they have less day-to-day operational burden, which usually means more reliability for you.

Related: SaaS, IaaS

Renting raw computing infrastructure from a cloud provider — virtual machines, storage, networking — with you responsible for everything above the hardware (OS, patching, applications). Examples: Azure VMs, AWS EC2.

Why it matters: IaaS is the cloud equivalent of leasing physical servers. Most useful for businesses moving existing server workloads to the cloud without rewriting them — but it doesn't reduce the IT-management burden the way SaaS does.

Related: SaaS, PaaS, Azure VM

Cloud services delivered from infrastructure shared across many customers — Microsoft Azure, AWS, Google Cloud are public clouds. Your data is logically isolated from other tenants but runs on shared physical hardware.

Why it matters: Public cloud is where the vast majority of business workloads run. The economics work because the provider amortizes costs across thousands of customers. Compliance regulations (HIPAA, etc.) explicitly permit public cloud with proper contracts.

Related: Private Cloud, Hybrid Cloud, Multi-tenancy

Cloud infrastructure dedicated to a single organization — hosted either in the organization's own data center or by a third party on dedicated hardware. Same flexibility as public cloud, but you pay more and don't share infrastructure.

Why it matters: Private cloud is mostly a fit for large enterprises with strict data-residency or contractual isolation requirements. For small and mid-sized businesses, the cost rarely justifies it — public cloud with proper controls covers nearly all use cases.

Related: Public Cloud, Hybrid Cloud

An architecture that combines on-premise infrastructure (servers in your office or a colo) with public cloud services, with workloads moving between them. Common during cloud migrations — some applications stay local, others move to the cloud.

Why it matters: Most businesses are in a hybrid state for years during cloud migration: M365 in the cloud, the line-of-business app still on a local server. Designing for hybrid (not pretending you're 100% cloud or 100% local) usually produces better outcomes.

Related: Public Cloud, Private Cloud

An architecture where a single instance of software serves many customers ("tenants"), each with logically isolated data. The model that makes SaaS economical — the provider runs one application, not one per customer.

Why it matters: Multi-tenancy is how SaaS providers keep prices low. The trade-off is shared infrastructure: an incident affecting the provider's systems can affect every customer at once, even if no individual tenant did anything wrong.

Related: SaaS, Public Cloud

A geographic area where a cloud provider operates data centers — e.g., Azure has "East US," "West Europe," "Australia East." Customers choose regions for performance (closer = faster), data residency (legal requirements), and disaster recovery (separate regions for backup).

Why it matters: Picking the right region matters. Regulated data may need to stay in a specific country. Latency matters for interactive applications. Some regions cost more than others. Default-to-default isn't always right.

Related: Availability Zone, Latency, CDN

An isolated data center within a cloud region — physically separated (different power, cooling, network) from other zones in the same region. Designed so a single zone outage doesn't take down workloads spread across multiple zones.

Why it matters: If your business needs high availability, distributing across availability zones gives resilience to data-center-level failures (power outage, network cut). Pay extra to use multiple zones — but pay less than you would for true multi-region setups.

Related: Region, Failover

The dominant SaaS pricing model: pay a monthly or annual fee for each user account that has access to the software. M365, Salesforce, Slack, and most other modern business SaaS use this model.

Why it matters: Per-user pricing means costs scale linearly with headcount. The math gets uncomfortable as you grow — and stays high if you over-provision (assigning licenses to people who don't actually use them). Periodic license audits usually find 5–15% waste.

Related: Tenant Licensing

Pre-paying for a defined amount of cloud capacity (VMs, databases, etc.) for a 1- or 3-year term in exchange for a substantial discount (often 30–60% off pay-as-you-go pricing). Also called "reservations" in Azure, "reserved instances" in AWS.

Why it matters: Reservations only pay off if you actually use the committed capacity for the full term. Forecasting future usage matters — reservations sized too large waste money; too small don't capture the savings on actual usage.

Related: Right-Sizing

Charges levied by cloud providers when data moves OUT of their network — to your office, to a different cloud, or to end users on the public internet. Data flowing IN is typically free; data flowing OUT can be the largest line item on a cloud bill.

Why it matters: Egress fees are why "just move our backups to the cloud" is cheap to set up but can be expensive to actually restore from. Always check the egress pricing before designing workflows that constantly pull data out of cloud storage.

Related: Storage Account, Cloud Backup

The discipline of matching the size of cloud resources (VM CPU / memory, database tier, storage capacity) to what's actually being used — neither paying for unused capacity nor running starved at peak. Often a 30–50% cost-reduction opportunity for businesses that haven't tuned.

Why it matters: Defaults during initial cloud migration are almost always too generous. Six months in, right-sizing review typically finds significant waste. It's not a one-time activity; usage patterns change as the business does.

Related: Reserved Capacity, Azure VM

Some cloud features are licensed at the tenant level (one purchase covers the whole organization), others are per-user (each person needs a license). Mixing both means staying alert to which is which — a tenant-level subscription doesn't help if individual users also need per-seat licenses to use the feature.

Why it matters: Microsoft's licensing model includes both. Misreading the rules can mean a tenant pays for something it can't legally use (because users lack the per-seat license) or pays for per-user licenses for features that are tenant-bundled. Vendor support is the source of truth.

Related: Per-user Licensing