Plain-English definitions for the acronyms and key terms used across the AI, cloud, EUC and infrastructure articles on this site.
Artificial Intelligence
Software systems that perform tasks normally requiring human intelligence: pattern recognition, language understanding, decision making.
Application Programming Interface
A defined interface that lets one program talk to another. Cloud and AI services are almost always consumed via HTTPS REST or gRPC APIs.
Microsoft Azure
Microsoft’s public cloud platform offering IaaS, PaaS and SaaS services across regions worldwide.
Amazon Web Services
Amazon’s public cloud platform: the market leader by revenue. Offers compute (EC2), storage (S3), and a deep service catalogue.
Azure Resource Manager
Azure’s deployment and management layer: the control plane behind every resource you create. ARM templates and Bicep target this layer.
Azure Kubernetes Service
Microsoft’s managed Kubernetes offering on Azure. Microsoft runs the control plane; you manage workloads.
Azure Files
Fully managed SMB and NFS file shares in Azure. Common backing store for FSLogix profile containers in AVD deployments.
Azure NetApp Files
High-performance, low-latency managed NetApp file shares on Azure. Often used for FSLogix and demanding EUC workloads.
Azure Backup
Microsoft’s cloud-native backup service for VMs, SQL, file shares and SAP HANA running in Azure or on-premises.
Azure Arc
Extends Azure management (policy, monitoring, RBAC) to servers, Kubernetes clusters and data services running outside Azure.
Availability Zone
Physically separate datacentres within an Azure region. Spreading resources across AZs improves resilience.
Azure Virtual Desktop
Microsoft’s desktop and app virtualisation service on Azure with multi-session Windows. Successor brand to WVD.
AVD Application Group
An AVD object that defines what is published from a host pool: either a full desktop or a curated set of RemoteApps.
MSIX App Attach
A mechanism (originally for AVD) that dynamically attaches MSIX apps from VHD/CIM images at session start, separating app lifecycle from the OS image.
Microsoft Application Virtualization
Microsoft’s legacy app virtualisation format. Being phased out in favour of MSIX.
AppX Package
The package format used by UWP apps in the Microsoft Store. MSIX is the modern, broader successor.
Active Directory
Microsoft’s on-premises directory service for authentication, authorisation and policy across a Windows estate.
Active Directory Federation Services
On-premises identity federation server that issues SAML/WS-Fed tokens for SSO to cloud and SaaS apps.
Azure Active Directory
The previous name for Microsoft Entra ID. Frequently appears in older docs, PowerShell module names and group policies.
AVD Insights
The built-in monitoring dashboard for Azure Virtual Desktop, powered by Azure Monitor and Log Analytics.
Bicep
Microsoft’s domain-specific language for declarative Azure deployments. Compiles down to ARM JSON but is significantly more readable.
Content Delivery Network
A globally distributed cache layer that serves static content close to users for lower latency and lower origin load.
Cloud PC
An individual, dedicated Windows desktop hosted in Microsoft’s cloud and delivered via Windows 365.
Citrix DaaS (formerly CVAD)
Citrix’s cloud-delivered virtual apps and desktops service. Previously branded as Citrix Virtual Apps and Desktops (CVAD).
Composite Image File System
A Windows filesystem for MSIX App Attach. Faster mount and smaller footprint than VHD/VHDX.
Conditional Access
Entra ID’s policy engine: evaluates signals (user, device, location, risk) and enforces requirements like MFA or blocked access.
Compute Cluster
A group of servers that act as a single logical unit for high availability or scale: applies to Hyper-V, ESXi, Kubernetes, SQL, RDS.
Desktop as a Service
A managed cloud offering where the desktop, image and back-end are operated for you.
Disaster Recovery
Plans, runbooks and infrastructure for restoring service after a major outage: distinct from HA, which prevents one.
Distributed Resource Scheduler
vSphere feature that automatically balances VM workloads across hosts in a cluster using vMotion.
Domain Name System
The naming system that resolves hostnames like azure.com to IP addresses. Underpins Active Directory and almost everything else.
Dynamic Host Configuration Protocol
Automatically assigns IP addresses, subnet masks, gateways and DNS servers to clients joining a network.
Demilitarised Zone
A network segment that sits between the internet and the internal network, hosting public-facing systems like reverse proxies and gateways.
Data Protection Manager
Microsoft’s backup and recovery product for Windows workloads, often deployed with Azure Backup.
Microsoft Defender
Microsoft’s family of security products: Defender for Endpoint (EDR), Defender for Cloud, Defender for Office 365, Defender XDR.
Vector Embedding
A numerical vector that represents the meaning of text, images or other data. Used for semantic search and as the lookup key in RAG.
Azure ExpressRoute
Private layer-3 connection between an on-premises network and Azure, bypassing the public internet for better SLA and lower latency.
End User Computing
The discipline of delivering applications, desktops and data to users on any device: covers VDI, app virtualisation, and modern workplace.
Microsoft Entra ID
Microsoft’s cloud identity and access management service: the new name for Azure Active Directory. Provides SSO, MFA and Conditional Access.
VMware ESXi
VMware’s bare-metal hypervisor. The hosts in a vSphere cluster.
Model Fine-tuning
Continuing the training of a foundation model on a domain-specific dataset so it learns a particular style, vocabulary or task.
FSLogix
Microsoft’s profile management technology for non-persistent VDI/AVD. Stores user profiles in VHD/VHDX containers attached at sign-in, so the experience feels persistent on multi-session hosts.
Google Cloud Platform
Google’s public cloud platform. Known for data, AI and Kubernetes-native services.
Group Policy Object
Active Directory configuration objects that apply user and computer settings across an estate.
AVD Host Pool
A collection of session host VMs in AVD that share the same configuration. Pooled (multi-session) or personal (1:1).
VMware Horizon
VMware’s VDI and published-app platform, available on-premises (vSphere) and via Horizon Cloud.
Microsoft Hyper-V
Microsoft’s Type-1 hypervisor built into Windows Server and Windows clients.
High Availability
Architectural patterns (failover, redundancy, clustering) that keep a service running through component failure.
HTTP Secure
HTTP transported over TLS: the secure variant used for almost all modern web traffic.
Infrastructure as a Service
Cloud model where the provider supplies compute, storage and networking; the customer manages OS, runtime and applications.
Infrastructure as Code
Defining cloud infrastructure in version-controlled text files that can be reviewed, tested and replayed: using tools like Bicep, ARM, Terraform.
Microsoft Intune
Microsoft’s cloud-based unified endpoint management (UEM) service for deploying apps, policies and configuration to managed devices.
Internet Small Computer Systems Interface
Block storage protocol over IP. Lets servers see remote LUNs as if they were local disks. Common backing for SAN-attached compute.
JSON Web Token
A compact, signed token format used by OIDC and most modern APIs to carry identity and claims between parties.
Kerberos
A ticket-based network authentication protocol: the default authentication mechanism inside an Active Directory domain.
KEMP LoadMaster (Progress LoadMaster)
A hardware/virtual load balancer and application delivery controller, now owned by Progress. Frequently used in front of RDS roles and Exchange.
Large Language Model
A neural network trained on massive text corpora to generate and reason over natural language. Examples include the GPT and Claude families.
Lightweight Directory Access Protocol
The standard protocol for querying directory services. Active Directory exposes LDAP on port 389 / LDAPS on 636.
Machine Learning
A discipline of AI where models learn patterns from data rather than being explicitly programmed for each rule.
Model Context Protocol
An open protocol for connecting AI assistants to tools, data sources and business systems through a consistent interface. Used by Claude and other agentic LLMs.
Windows MultiPoint Server
A Windows Server edition that turned a single server into multiple stations using RDS: primarily used in education.
MSIX Package
Microsoft’s modern Windows application package format: containerised, signed, and serviceable per-user.
Windows Installer Package
The traditional Windows installer format. Still widely used for Win32 apps and the source most MSIX repackaging tools start from.
Multi-Factor Authentication
Requires more than one factor (password + phone, hardware key, biometric) to verify identity.
Microsoft Endpoint Configuration Manager
The current name for SCCM (since 2020). Part of the Microsoft Endpoint Manager portfolio alongside Intune.
Microsoft 365
Microsoft’s bundled productivity offering: Office apps, Windows licensing, Entra ID, Intune, and security services delivered as a subscription.
Windows NT LAN Manager
A legacy Microsoft challenge/response authentication protocol. Still present in Windows but discouraged for security reasons.
Network File System
A Unix-originated network file sharing protocol. Common for VMware ESXi datastores and Azure NetApp Files.
Network Attached Storage
A storage appliance that exposes file shares (SMB/NFS) over the network.
Network Load Balancing
Distributes incoming network traffic across multiple servers. Can refer to Microsoft’s Windows NLB role or any load balancer (KEMP, Azure LB, F5).
Office Container (FSLogix)
A separate FSLogix container dedicated to the Microsoft 365 Apps cache (OST, search index, Teams). Reduces sign-in time and protects the main profile container.
OAuth 2.0
The industry-standard authorisation framework that issues access tokens so clients can call APIs on a user’s behalf without holding their password.
OpenID Connect
An identity layer built on OAuth 2.0 that adds standard sign-in and identity claims via JWT ID tokens.
Office 365
The earlier name for the productivity bundle, now part of Microsoft 365. Still used to refer to the Office apps and services subset.
Prompt
The input text given to an LLM, including system instructions, examples, and the user message that elicit a response.
Platform as a Service
Cloud model where the provider manages the OS and runtime; the customer provides applications and data.
PowerShell App Deployment Toolkit
A community-driven framework for wrapping Win32 installations with consistent logging, UX and pre/post logic. Common in SCCM/Intune deployments.
Package Identity
The signed identity (name, publisher, version, architecture) that MSIX/AppX uses to manage app state, capabilities and updates.
Privileged Identity Management
Entra ID feature for just-in-time, approval-based elevation of privileged roles. Limits the blast radius of standing admin permissions.
Public Key Infrastructure
The set of CAs, certificates, revocation lists and trust stores used to issue and validate X.509 certificates.
Windows PowerShell / PowerShell 7
Microsoft’s task automation shell and scripting language. Built on .NET, integrated with most Microsoft products.
Microsoft Purview
Microsoft’s data governance, compliance and DLP platform: covers information protection, insider risk and eDiscovery.
Retrieval-Augmented Generation
A pattern where an LLM is grounded by retrieving relevant context from a vector store or document index before generating an answer.
Azure Region
A geographic area containing one or more Azure datacentres. Resources are scoped to a region.
Parallels RAS
Parallels Remote Application Server: a virtual apps and desktops platform that brokers to RDS, Hyper-V, VMware, and Azure.
Remote Desktop Services
Microsoft’s Windows Server role family for delivering remote sessions and published applications.
Remote Desktop Session Host
The RDS role that hosts the user sessions: the server users actually log into.
Remote Desktop Protocol
Microsoft’s wire protocol for delivering screen, input and device redirection across a network.
Remote Desktop Gateway
The RDS role that tunnels RDP over HTTPS so external users can reach internal session hosts without a VPN.
Remote Desktop Connection Broker
The RDS role that brokers user connections to the right session host, supports HA, and tracks session state.
Remote Desktop Web Access
The RDS role that publishes the web-based portal where users discover RemoteApps and full desktops.
RemoteApp
An application published from an RDS or AVD host that appears to run locally on the user’s device, while actually executing on the host.
RemoteFX
A legacy set of RDP graphics enhancements including vGPU and codec improvements. Largely removed in modern Windows for security reasons.
Role-Based Access Control
An authorisation model where permissions are assigned to roles and roles are assigned to users or groups. The basis of Azure and Entra access policy.
Software as a Service
Cloud model where the provider delivers a finished application; the customer just consumes it through a browser or thin client.
RDS Session Collection
An RDS construct that groups session hosts together with a common user assignment, RemoteApp list and policies.
Single Sign-On
A user authenticates once and is automatically signed in to additional applications via federated tokens or session cookies.
Subject Alternative Name Certificate
An X.509 certificate that covers multiple hostnames via the Subject Alternative Name extension: common for RDS roles that share a public name.
Security Assertion Markup Language
XML-based federation standard for SSO. Common in enterprise SaaS apps and federated AD FS scenarios.
Service Level Agreement
A contractual commitment on availability and performance, often expressed as a number of nines (e.g. 99.9%).
VMware Storage vMotion
Live migration of a VM’s disks between datastores while it stays online.
Server Message Block
Microsoft’s file and printer sharing protocol. Used by Windows file shares, Azure Files, and FSLogix profile containers.
Storage Area Network
A dedicated network that exposes block storage to servers (typically via Fibre Channel or iSCSI). Not to be confused with SAN-cert.
System Center Configuration Manager
Microsoft’s on-premises endpoint management product for software deployment, patching and OS imaging. Now branded MECM/Configuration Manager.
System Center Operations Manager
Microsoft’s on-premises infrastructure and application monitoring product.
System Center Virtual Machine Manager
Microsoft’s management product for Hyper-V (and other) VM estates: fabric, templates, clouds.
Microsoft Sentinel
Microsoft’s cloud-native SIEM and SOAR platform on Azure. Ingests logs, runs detection rules, automates response.
Token (LLM)
The unit an LLM processes: roughly 3-4 characters of English. Context windows, pricing and rate limits are usually measured in tokens.
Terraform
HashiCorp’s multi-cloud IaC tool. Uses HCL to describe desired state across providers.
Terminal Services
The original name for RDS: used on Windows Server 2003 / 2008. Rebranded to Remote Desktop Services in Windows Server 2008 R2.
VMware ThinApp
VMware’s agentless application virtualisation format. Largely legacy; commonly migrated to MSIX.
Transport Layer Security
The cryptographic protocol underneath HTTPS and most secure network traffic. Successor to SSL.
Transmission Control Protocol
The reliable, ordered, connection-oriented transport protocol that underpins HTTPS, RDP and most enterprise traffic.
User Profile Disks
The earlier RDS profile-disk technology, superseded by FSLogix. Mounted at session start to give the user a persistent profile across pooled hosts.
Universal Windows Platform
Microsoft’s framework for apps that run across Windows devices using a common API surface. Distributed as AppX/MSIX.
User Datagram Protocol
A connectionless transport protocol with lower overhead than TCP. Used by DNS, real-time media, and modern RDP Shortpath.
Virtual Desktop Infrastructure
Hosting user desktops as virtual machines in a data centre or cloud, accessed remotely.
RDS VDI Collection
An RDS construct that groups VDI VMs (pooled or personal) and exposes them via the connection broker.
Virtual Hard Disk
Microsoft’s virtual disk format. Used by Hyper-V, FSLogix profile containers and MSIX App Attach images.
Virtual Hard Disk v2
The successor to VHD: larger capacity, better corruption resilience, used by modern Hyper-V and FSLogix deployments.
Virtual Machine
A software emulation of a physical computer running its own OS on a hypervisor.
VMware vSphere
VMware’s server virtualisation platform: combines ESXi hypervisors with vCenter management.
VMware vCenter Server
The management plane for vSphere: clusters ESXi hosts, runs HA/DRS/vMotion, hosts the inventory and policies.
VMware vMotion
Live migration of a running VM between ESXi hosts with no downtime.
VMware vSAN
VMware’s hyper-converged software-defined storage. Pools the local disks of ESXi hosts into a single shared datastore.
Virtual Private Network
An encrypted tunnel that connects a device or site to a private network across the public internet.
Virtual LAN
A logical segmentation of an Ethernet network using 802.1Q tags, so multiple broadcast domains share the same physical infrastructure.
Virtual LoadMaster
KEMP’s software-only LoadMaster appliance that runs on Hyper-V, ESXi or in Azure/AWS.
Windows Virtual Desktop
The original product name for what is now Azure Virtual Desktop.
Windows 365
Microsoft’s Cloud PC service delivering personal, dedicated Windows desktops as a subscription. Complements AVD.
AVD Workspace
The AVD object users see in their feed: groups one or more application groups for publishing.
Win32 Application
Traditional Windows desktop application using the Win32 API. The vast majority of enterprise applications. Can be repackaged as MSIX.
Windows Package Manager
Microsoft’s open-source CLI package manager for Windows. Installs apps from a community-curated manifest.
WiX Toolset
An open-source toolset for authoring MSI and bundle installers from XML source.
Windows Server Failover Clustering
Microsoft’s clustering technology: groups Windows nodes so a service can fail over between them. Used by SQL AlwaysOn, Hyper-V, and RDS.
Windows Server Update Services
Microsoft’s on-premises patch distribution service for Windows and supported Microsoft products.
Windows Management Instrumentation
The Windows infrastructure for querying and managing OS state via a query language: used by inventory, monitoring, and policy tools.
Windows Hello for Business
Passwordless authentication on Windows using PIN or biometrics bound to a TPM-backed credential.
Zero Trust
A security model that assumes breach: verify every request explicitly, grant least privilege, and stop trusting the network perimeter.