Glossary of terms

Microsoft 365 Apps for Business


admin accounts

Administrative accounts have wide or even global privileges on the network. There are many different types with varying levels of access and security.


Software that automatically displays or downloads unwanted advertising material when a user is online.


Helps you remove viruses and other types of malicious programs from your computer or laptop by detecting and removing them.

attack surface

The set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.



A type of malware that gives malicious hackers remote access to and control of your device.


Bring your own devices (BYODs) are laptops, PCs, tablets and mobile phones that are personally owned by members of the organization, and therefore, are not managed by the organization.



An attack from cyberspace. (See cyberspace.)


Participating in the destruction or theft of data and information by means of computers or the internet.


The concept of widespread interconnected digital technology, made up of computers and networks and the communication between them.


data exfiltration

Data files that are stolen and sent outside the network through email or other means.


Microsoft's antivirus software, Microsoft Defender Antivirus. For more information on Microsoft Defender, see (

Device Group

A device group is a collection of devices that are grouped together because of certain specified criteria, such as operating system version. Devices that meet the criteria are included in that device group, unless you exclude them. In Microsoft 365 Business Premium (and Defender for Business), Device groups are stored in Azure Active Directory.

device management

Device management is when the organization is actively protecting resources and data on all laptops, PCs, tablets and mobile devices in the organization.



Encryption is the process by which information is encoded so that only an authorized recipient can decode and consume the information.


A piece of code that uses software vulnerabilities to gain access to your device and perform other tasks, such as installing malware.



A Firewall is a security system to protect an internal network from unauthorized servers and networks based on predefined rules. It acts as a barrier and only allows the secured network to send or receive data.



Someone who uses a computer system to gain unauthorized access to another system for data or who makes another system unavailable.


A hijacker is a form of unwanted software that modifies a web browser's settings without a user's permission, to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error page, or search engine with its own. These are generally used to force hits to a particular website, increasing its advertising revenue.



Impersonation is where the sender or the sender's email domain in a message looks similar to a real sender or domain. An example impersonation of the domain is ćó User impersonation is the combination of the user's display name and email address. For example, Valeria Barrios ( might be impersonated as Valeria Barrios, but with a completely different email address.



Malware is a term used to describe malicious applications and code that can cause damage and disrupt normal use of devices. Malware can allow unauthorized access, use system resources, steal passwords, lock you out of your computer and ask for ransom, and more. Malware is the overarching name for applications and other code, like software, that Microsoft classifies more granularly as malicious software or unwanted software.

managed devices

Devices such as PCs, laptops, tablets and mobile devices that are managed by the organization.

multi-factor authentication (MFA)

An authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN.


phishing attempt

Phishing attacks attempt to steal sensitive information through emails, websites, text messages, or other forms of electronic communication. They try to look like official communications from legitimate companies or individuals.



Isolating a potentially malicious file so that it can no longer be a threat to the network or system.



A type of malware that encrypts your files or makes other modifications that can prevent you from using your device. It then displays a ransom note that states you must pay money or perform other actions before you can use your device again.


Secure Score

Microsoft Secure Score is a measurement of an organization's security posture, with a higher number indicating more improvement actions taken. You can find Secure Score in the Microsoft 365 Defender portal (at


When large numbers of pieces of content are sent to a large number of recipients, usually through email, and often containing malware.


When a sender spoofs an email address, and they appear to be a user in one of your organization's domains, or a user in an external domain that sends email to your organization.


Software that aims to gather information about a person or organization and send it to another entity in a way that harms the user.



A unique dedicated instance of the services of Microsoft 365 and your organization data, stored within a specific default location such as Europe or North America. This location is specified when you create the tenant for your organization.

threat landscape

The threat landscape is the realm of aggressive and tenacious threats, with attackers who have shifted their efforts from gaining recognition towards making money, such as by holding devices and data hostage until the owner pays the demanded ransom. Modern attacks increasingly focus on large scale intellectual property theft, targeted system degradation that can result in financial loss, and cyberterrorism that threatens the security of individuals, businesses, and national interests all over the world. These attackers are typically highly trained individuals and security experts, some of whom are in the employ of nation states that have large budgets and seemingly unlimited human resources.

trojan horse

A type of malware that attempts to appear harmless. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead, it tries to look legitimate to trick users into downloading and installing it. Once installed, trojans perform various malicious activities such as stealing personal information, downloading other malware, or giving attackers access to your device.


unmanaged devices

Devices such as PCs, laptops, tablets and mobile devices that are not managed by the organization, and therefore pose more risk. (See BYODs.)



A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.



A type of malware that spreads to other devices. Worms can spread through email, instant messaging, file sharing platforms, social networks, network shares, and removable drives. Sophisticated worms take advantage of software vulnerabilities to propagate.


zero trust

Zero Trust is a proactive, integrated approach to security across all layers of the digital estate that explicitly and continuously verifies every transaction, asserts least privilege, and relies on intelligence, advanced detection, and real time response to threats.