Skip to main content
Key concepts and terms for Azure virtual machines
Updated over a week ago

Enterprise Workloads Editions: ✅ Business | ✅ Enterprise | ✅ Elite

​Azure Account

The email address that you provide when you create an Azure subscription is the Azure account for the subscription. The party that is associated with the email account is responsible for the monthly costs incurred by the resources in the subscription. When you create an Azure account, you provide contact information and billing details, like a credit card. You can use the same Azure account for multiple subscriptions. Each subscription is associated with only one Azure account.

Azure Key Vault

The Key Vault provides secure storage of generic secrets, such as passwords and database connection strings. The Key Vault encrypts secrets at rest with a hierarchy of encryption keys, with all keys in that hierarchy are protected by modules that are FIPS 140-2 compliant. The Azure Key Vault service encrypts your secrets when you add them, and decrypts them automatically when you read them.

Azure Resource Manager

The deployment and management service for Azure. It provides a management layer that enables you to create, update, and delete resources in your Azure account. You use management features, like access control, locks, and tags, to secure and organize your resources after deployment.


An entity that's managed by Azure. Examples include Azure Virtual Machines, virtual networks, and storage accounts.

Resource Group

Logical containers that you use to group related resources in a subscription. Each resource can exist in only one resource group. Resource groups allow for more granular grouping within a subscription. They're commonly used to represent a collection of assets that are required to support a workload, application, or specific function within a subscription.

Resource Manager template

A JSON file that declaratively defines one or more Azure resources and that defines dependencies between the deployed resources. The template can be used to deploy the resources consistently and repeatedly.


A set of Azure datacenters that deploy inside a latency-defined perimeter. The datacenters connect through a dedicated, regional, low-latency network. Most Azure resources run in a specific Azure region.


A logical container for your resources. Each Azure resource is associated with only one subscription. Creating a subscription is the first step in adopting Azure.


A tenant is a group of users, or an organization, that share access privileges to an instance of a product, service, or application. In the Azure Active Directory, a tenant is an instance of Azure AD that an organization receives registering a cloud application like Microsoft 365. Each Azure AD tenant is distinct and separate from other Azure AD tenants. Multitenancy refers to an instance of an application shared by multiple organizations, each with separate access to the instance.

Virtual network

A network that provides connectivity between your Azure resources, which are isolated from other Azure tenants. An Azure VPN Gateway lets you establish connections between different virtual networks, or between a virtual network and an on-premises network. You can control the IP address blocks, DNS settings, security policies, and route tables within a virtual network.

Did this answer your question?