Glossary — IT Carve-Out, NIS2, Zero Trust, Azure & AI
Structured definitions covering Microsoft Cloud, IT security, enterprise AI and IT carve-outs, drawn from danad GmbH's practice.
Cloud & Infrastructure
Azure Bicep
Azure Bicep is Microsoft's declarative Infrastructure-as-Code language for Azure. It compiles to ARM JSON but is significantly more readable and maintainable. Advantages over Terra…
Azure Landing Zone
An Azure Landing Zone is a pre-structured, security- and compliance-aligned Azure tenant baseline that serves as the foundation for cloud migrations. It defines subscription topolo…
Azure Virtual Desktop
Azure Virtual Desktop (AVD) is Microsoft's cloud desktop solution. It delivers Windows 10/11 multi-session desktops and remote apps directly from Azure and is the strategic success…
CI/CD (Continuous Integration / Continuous Delivery)
CI/CD is the software engineering practice of automatically integrating, testing and shipping code changes to production. Microsoft stack tools: Azure DevOps Pipelines, GitHub Acti…
Cloud Migration
Cloud Migration is the relocation of workloads, data and applications from on-premises datacentres to a public cloud (Azure, AWS, GCP). Strategies: Rehost (Lift & Shift), Replatfor…
Cloud Readiness Assessment
A Cloud Readiness Assessment is a structured evaluation of a company's technical, organisational and commercial prerequisites for cloud adoption. It assesses application portfolio,…
FSLogix Profile Container
FSLogix is Microsoft's user profile management solution for multi-session environments like Azure Virtual Desktop and Windows 365. It stores user profiles as virtual hard disks (VH…
Hybrid Cloud
Hybrid Cloud is an IT architecture where on-premises infrastructure and public cloud services work seamlessly together. Typical patterns: ExpressRoute / VPN connections, Azure Arc …
Infrastructure as Code (IaC)
Infrastructure as Code (IaC) means defining IT infrastructure through declarative code templates rather than manual click-configuration. Tools: Bicep (Azure-native), Terraform (clo…
Microsoft 365 Tenant-to-Tenant Migration
Tenant-to-Tenant Migration is the relocation of Microsoft 365 data (mail, OneDrive, SharePoint, Teams, identities) from one tenant to another — typical in M&A, carve-outs or rebran…
Microsoft Cloud Adoption Framework (CAF)
The Microsoft Cloud Adoption Framework (CAF) is Microsoft's standardised methodology for cloud transformations. It defines six phases — Strategy, Plan, Ready, Adopt, Govern, Manage…
Microsoft Fabric
Microsoft Fabric is Microsoft's unified data and analytics platform. It combines Data Engineering, Data Science, Real-Time Analytics, Data Warehouse and Power BI in a SaaS product …
Terraform
Terraform is HashiCorp's cloud-agnostic Infrastructure-as-Code solution. Unlike Azure Bicep, Terraform supports multi-cloud (Azure + AWS + GCP + 3000+ providers) and is the de-fact…
Cybersecurity & Compliance
Backup & Disaster Recovery
Backup & Disaster Recovery (BDR) ensures business continuity during outages and cyber attacks. 2026 best practice: 3-2-1-1-0 rule (3 copies, 2 media, 1 offsite, 1 immutable, 0 veri…
BSI IT-Grundschutz
BSI IT-Grundschutz is the German methodology for systematic IT infrastructure protection, published by the Federal Office for Information Security (BSI). It combines standards (200…
Data Loss Prevention (DLP)
Data Loss Prevention (DLP) is the continuous prevention of data exfiltration through automated content classification and policy enforcement. In the Microsoft stack: Microsoft Purv…
Data Residency
Data Residency refers to the obligation that certain data is stored and processed within a defined geographic area (e.g. EU, Germany, Switzerland). Microsoft addresses this with Az…
GDPR / DSGVO
The General Data Protection Regulation (GDPR) — German Datenschutz-Grundverordnung (DSGVO) — has governed personal data processing across the EU since May 2018. Obligations: record…
ISO/IEC 27001
ISO/IEC 27001 is the leading international standard for Information Security Management Systems (ISMS). It defines risk-based requirements for organisational structures, policies, …
KRITIS (Critical Infrastructure)
KRITIS is the German term for Critical Infrastructure — facilities whose failure would cause significant supply shortages. KRITIS sectors (energy, water, food, IT, health, finance,…
Microsoft Defender for Cloud
Microsoft Defender for Cloud is Microsoft's Cloud Workload Protection Platform (CWPP) and Cloud Security Posture Management (CSPM). It continuously assesses security configurations…
Microsoft Defender for Endpoint
Microsoft Defender for Endpoint (MDE) is Microsoft's EDR (Endpoint Detection and Response) solution for Windows, macOS, Linux, iOS and Android endpoints. Delivers behaviour analyti…
Microsoft Defender for Identity
Microsoft Defender for Identity (MDI) is Microsoft's ITDR (Identity Threat Detection and Response) solution for hybrid identity environments. Detects attacks like Pass-the-Hash, Go…
Microsoft Defender XDR
Microsoft Defender XDR (Extended Detection and Response) is Microsoft's integrated threat detection suite. It correlates signals from Defender for Endpoint, Identity, Cloud Apps, O…
Microsoft Purview Sensitivity Labels
Sensitivity Labels are Microsoft's classification and protection system for Office documents, email, SharePoint sites, Teams and containers. Labels can enforce encryption, watermar…
Microsoft Sentinel
Microsoft Sentinel is Microsoft's cloud-native SIEM/SOAR product. It collects security events from on-premises, cloud and multi-vendor sources, correlates them with AI-based detect…
NIS2 Compliance
NIS2 (Network and Information Security Directive 2) is the EU cybersecurity directive mandatory since October 2024 for "essential" and "important" entities. It extends NIS1 with ne…
Ransomware Resilience
Ransomware Resilience is the ability to prevent, contain and fully recover from ransomware attacks. Building blocks: immutable backups (3-2-1-1-0 rule), hardened Active Directory t…
Shadow IT
Shadow IT refers to applications, cloud services and devices used by employees without IT department knowledge or approval. Risks: data exfiltration, missing compliance, unsecured …
SIEM (Security Information and Event Management)
A SIEM aggregates security-relevant logs from the entire IT landscape and correlates them into detection use cases. Market leaders: Microsoft Sentinel, Splunk, IBM QRadar, Elastic …
SOC (Security Operations Center)
A Security Operations Center (SOC) is the central unit that continuously monitors, investigates and responds to cybersecurity events. Building one is capital- and staff-intensive (…
Zero Trust Architecture
Zero Trust is a security model that explicitly verifies every access — regardless of location, network or device. Core principles: "Never trust, always verify", "Assume breach", "V…
M&A IT & Due Diligence
IT Carve-Out
IT Carve-Out refers to the technical and organisational separation of IT infrastructure for a divested business unit during an M&A transaction. The goal is a fully standalone, oper…
IT Due Diligence
IT Due Diligence is the systematic assessment of a target company's IT landscape prior to a transaction. It evaluates architecture, licensing, contractual obligations, cybersecurit…
Post Merger IT Integration
Post Merger IT Integration (PMI) is the consolidation of two companies' IT landscapes after an acquisition. Focus areas: identity merger (AD/Entra ID), domain migration, applicatio…
Transitional Service Agreement (TSA)
A Transitional Service Agreement (TSA) is a time-bounded service contract between buyer and seller of a divested business unit where the seller continues to provide critical IT and…
Enterprise AI
Azure AI Foundry
Azure AI Foundry is Microsoft's unified platform for enterprise AI development. It combines Model Catalog (3000+ foundation models), Prompt Flow, Evaluation, Agent Service and prod…
Azure OpenAI Service
Azure OpenAI Service provides OpenAI models (GPT-4o, GPT-4 Turbo, o1, o3) inside an Azure tenant — with enterprise features: data never leaves the tenant, regional hosting options,…
Enterprise RAG (Retrieval Augmented Generation)
Retrieval Augmented Generation (RAG) combines language models with internal knowledge sources. A vector index (e.g. Azure AI Search) retrieves relevant documents, then the LLM gene…
GitHub Copilot for Business
GitHub Copilot for Business is GitHub's enterprise AI coding assistant with additional security and compliance guarantees: code suggestions without training on customer code, audit…
Microsoft 365 Copilot
Microsoft 365 Copilot is the AI assistant integrated directly into Word, Excel, PowerPoint, Outlook, Teams and SharePoint. It uses Microsoft Graph for context-based answers grounde…
Identity & Access
Conditional Access
Conditional Access is Microsoft's policy engine for context-based access. At every sign-in, it evaluates signals (user, device state, location, risk score, app, sensitivity) and de…
Identity and Access Management (IAM)
Identity and Access Management (IAM) encompasses all processes and technologies ensuring the right people have the right access to the right resources at the right time. In the Mic…
Microsoft Entra ID
Microsoft Entra ID (formerly Azure AD) is Microsoft's cloud identity provider. It delivers authentication, single sign-on, multi-factor authentication, conditional access, identity…
Microsoft Entra Identity Governance
Microsoft Entra Identity Governance delivers lifecycle workflows, access reviews and entitlement management for users, guests and external partners. Automates onboarding/offboardin…
Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) requires at least two independent authentication factors — something you know (password), something you have (authenticator app, FIDO2 key) or som…
Passwordless Authentication
Passwordless Authentication replaces passwords with stronger factors — Windows Hello (biometrics + TPM), FIDO2 security keys, Microsoft Authenticator app. Benefits: no phishing ris…
Privileged Identity Management (PIM)
Microsoft Entra Privileged Identity Management (PIM) reduces attack surface through just-in-time activation of privileged roles. Instead of permanent admin rights, admins activate …
Modern Workplace
Microsoft Intune
Microsoft Intune is Microsoft's cloud-native Mobile Device Management (MDM) and Mobile Application Management (MAM). It manages Windows, macOS, iOS and Android devices through a si…
Microsoft Purview
Microsoft Purview is Microsoft's unified data governance and compliance platform. It delivers Information Protection (sensitivity labels), Data Loss Prevention, Insider Risk Manage…
Modern Workplace
Modern Workplace is the digital workplace concept built around Microsoft 365: cloud-based productivity tools (Teams, OneDrive, SharePoint), identity-centric access control (Entra I…
Observability & FinOps
Azure Monitor
Azure Monitor is Microsoft's unified observability stack. It combines metrics, logs (Log Analytics, KQL-based), traces (Application Insights), alerts and dashboards. Scales from si…
FinOps (Cloud Financial Management)
FinOps is the discipline of making cloud costs transparent, shifting responsibility into engineering teams and continuously optimising. Phases: Inform (tagging, reporting), Optimiz…