Glossary of terms

Microsoft 365 Business


admin accounts

Administrative accounts have wide or even global privileges on the network. There are many different types with varying levels of access and security.


Software that automatically displays or downloads unwanted advertising material when a user is online.


Helps you remove viruses and other types of malicious programs from your computer or laptop by detecting and removing them.

attack surface

The set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from, that system, system element, or environment.



A type of malware that gives malicious hackers remote access to and control of your device.


Bring your own devices (BYODs) are laptops, PCs, tablets and mobile phones that are personally owned by members of the organization, and are typically not managed by the organization.



An attack from cyberspace. (See cyberspace.)


Participating in the destruction or theft of data and information by means of computers or the internet.


The concept of widespread interconnected digital technology, made up of computers and networks and the communication between them.


data exfiltration

Data files that are stolen and sent outside the network through email or other means.


The Microsoft Defender family includes products and services to protect against cyberthreats. It includes, but is not limited to, Microsoft Defender Antivirus, which is built into Windows 10 and 11. The Microsoft Defender family also includes Microsoft Defender for Business to help small and medium-sized businesses protect devices. Learn more about the Microsoft Defender family.

device group

A device group is a collection of devices that are grouped together because of certain specified criteria, such as operating system version. Devices that meet the criteria are included in that device group, unless you exclude them. In Microsoft 365 Business Premium (and Defender for Business), device groups are stored in Azure Active Directory.

device management

Device management is when the organization is actively protecting resources and data on all laptops, PCs, tablets and mobile devices in the organization.



encryption

Encryption is the process by which information is encoded so that only an authorized recipient can decode and consume the information.


A piece of code that uses software vulnerabilities to gain access to your device and perform other tasks, such as installing malware.



firewall

A firewall is a security system to protect an internal network from unauthorized servers and networks based on predefined rules. It acts as a barrier and only allows the secured network to send or receive data. Windows Defender Firewall is built into Windows 10 and 11. In addition, firewall protection is included in Defender for Business.



Someone who uses a computer system to gain unauthorized access to another system for data or who makes another system unavailable.


hijacker

A hijacker is a form of unwanted software that modifies a web browser's settings without a user's permission, to inject unwanted advertising into the user's browser. A browser hijacker may replace the existing home page, error page, or search engine with its own. These are generally used to force hits to a particular website, increasing its advertising revenue.



Impersonation is where the sender or the sender's email domain in a message looks similar to a real sender or domain. An example impersonation of the domain is ćó User impersonation is the combination of the user's display name and email address. For example, Valeria Barrios ( might be impersonated as Valeria Barrios, but with a completely different email address.



malware

Malware is a term used to describe malicious applications and code that can cause damage and disrupt normal use of devices. Malware can allow unauthorized access, use system resources, steal passwords, lock you out of your computer and ask for ransom, and more. Malware is the overarching name for applications and other code, like software, that Microsoft classifies more granularly as malicious software or unwanted software.

managed devices

Devices such as PCs, laptops, tablets and mobile devices that are managed by the organization. Managed devices are typically enrolled in a service like Microsoft Intune so that security policies can be pushed to the devices.

multi-factor authentication (MFA)

An authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN.


Next-generation protection

Next-generation protection in Defender for Business (and Microsoft 365 Business Premium) includes antivirus, antimalware, real-time protection, cloud protection, and regular protection updates for your company's devices. See Next-generation protection overview.


phishing attempt

Phishing attacks attempt to steal sensitive information through emails, websites, text messages, or other forms of electronic communication. They try to look like official communications from legitimate companies or individuals.

preview features

Preview features are prerelease capabilities that you can try if you have opted in to receive preview features. Learn more about preview features.


Potentially unwanted applications (PUA) are a category of software that can cause your machine to run slowly, display unexpected ads, or at worst, install other software that might be unexpected or unwanted. Microsoft Defender Antivirus blocks detected PUA files and any attempts to download, move, run, or install them. Learn more about PUA protection.



Isolating a potentially malicious file so that it can no longer be a threat to the network or system.



A type of malware that encrypts your files or makes other modifications that can prevent you from using your device. It then displays a ransom note that states you must pay money or perform other actions before you can use your device again.

remediation actions

Remediation actions are actions that are taken on detected threats. Remediation actions include, but are not limited to, sending a file to quarantine, stopping a service, removing a scheduled task, and disabling a driver. Remediation actions can occur as a result of an automated investigation, or when a threat is detected by antivirus, antimalware, and other threat protection features. To learn more, see Review remediation actions in the Action center.


Secure Score

Microsoft Secure Score is a measurement of an organization's security posture, with a higher number indicating more improvement actions taken. You can find Secure Score in the Microsoft 365 Defender portal (


When large numbers of pieces of content are sent to a large number of recipients, usually through email, and often containing malware.


When a sender spoofs an email address, and they appear to be a user in one of your organization's domains, or a user in an external domain that sends email to your organization.


Software that aims to gather information about a person or organization and send it to another entity in a way that harms the user.



A unique dedicated instance of the services of Microsoft 365 and your organization data, stored within a specific default location such as Europe or North America. This location is specified when you create the tenant for your organization.

threat landscape

The threat landscape is the realm of aggressive and tenacious threats, with attackers who have shifted their efforts from gaining recognition towards making money, such as by holding devices and data hostage until the owner pays the demanded ransom. Modern attacks increasingly focus on large-scale intellectual property theft, targeted system degradation that can result in financial loss, and cyberterrorism that threatens the security of individuals, businesses, and national interests all over the world. These attackers are typically highly trained individuals and security experts, some of whom are in the employ of nation states that have large budgets and seemingly unlimited human resources.

trojan horse

A type of malware that attempts to appear harmless. Unlike a virus or a worm, a trojan doesn't spread by itself. Instead, it tries to look legitimate to trick users into downloading and installing it. Once installed, trojans perform various malicious activities such as stealing personal information, downloading other malware, or giving attackers access to your device.


unmanaged devices

Devices such as PCs, laptops, tablets and mobile devices that are not managed by the organization, and therefore pose more risk. (See BYODs.)



A piece of code that is capable of copying itself and typically has a detrimental effect, such as corrupting the system or destroying data.



A type of malware that spreads to other devices. Worms can spread through email, instant messaging, file sharing platforms, social networks, network shares, and removable drives. Sophisticated worms take advantage of software vulnerabilities to propagate.


zero trust

Zero Trust is a proactive, integrated approach to security across all layers of the digital estate that explicitly and continuously verifies every transaction, asserts least privilege, and relies on intelligence, advanced detection, and real-time response to threats.