Term/Concept Description
Management groupsLogical containers that you use for one or more subscriptions. You can define a hierarchy of management groups, subscriptions, resource groups, and resources to efficiently manage access, policies, and compliance through inheritance
SubscriptionA logical container for your resources. Each Azure resource is associated with only one subscription. Creating a subscription is the first step in adopting Azure
Azure account The email address that you provide when you create an Azure subscription is the Azure account for the subscription. The party that’s associated with the email account is responsible for the monthly costs that are incurred by the resources in the subscription. When you create an Azure account, you provide contact information and billing details, like a credit card. You can use the same Azure account (email address) for multiple subscriptions. Each subscription is associated with only one Azure account
IdentityA thing that can get authenticated. An identity can be a user with a username and password. Identities also include applications or other servers that might require authentication through secret keys or certificates.
Azure AD accountAn identity created through Azure AD or another Microsoft cloud service, such as Office 365. Identities are stored in Azure AD and accessible to your organization’s cloud service subscriptions. This account is also sometimes called a Work or school account.
Azure tenantA dedicated and trusted instance of Azure AD that’s automatically created when your organization signs up for a Microsoft cloud service subscription, such as Microsoft Azure, Microsoft Intune, or Office 365. An Azure tenant represents a single organization.
Single tenantAzure tenants that access other services in a dedicated environment are considered single tenant.
Multi-tenantAzure tenants that access other services in a shared environment, across multiple organizations, are considered multi-tenant.
Azure AD directoryEach Azure tenant has a dedicated and trusted Azure AD directory. The Azure AD directory includes the tenant’s users, groups, and apps and is used to perform identity and access management functions for tenant resources.
Custom domainEvery new Azure AD directory comes with an initial domain name, domainname.onmicrosoft.com. In addition to that initial name, you can also add your organization’s domain names, which include the names you use to do business and your users use to access your organization’s resources, to the list. Adding custom domain names helps you to create user names that are familiar to your users, such as [email protected].
Account administratorThe party associated with the email address that’s used to create an Azure subscription. The account administrator is responsible for paying for all costs that are incurred by the subscription’s resources
Service AdministratorThis classic subscription administrator role enables you to manage all Azure resources, including access. This role has the equivalent access of a user who is assigned the Owner role at the subscription scope. For more information, see Classic subscription administrator roles, Azure RBAC roles, and Azure AD administrator roles.
OwnerThis role helps you manage all Azure resources, including access. This role is built on a newer authorization system called role-base access control (RBAC) that provides fine-grained access management to Azure resources. For more information, see Classic subscription administrator roles, Azure RBAC roles, and Azure AD administrator roles.
Azure AD Global administratorThis administrator role is automatically assigned to whomever created the Azure AD tenant. Global administrators can do all of the administrative functions for Azure AD and any services that federate to Azure AD, such as Exchange Online, SharePoint Online, and Skype for Business Online. You can have multiple Global administrators, but only Global administrators can assign administrator roles (including assigning other Global administrators) to users.

This administrator role is called Global administrator in the Azure portal, but it’s called Company administrator in the Microsoft Graph API and Azure AD PowerShell.

For more information about the various administrator roles, see Administrator role permissions in Azure Active Directory.
Microsoft account (also called, MSA)Personal accounts that provide access to your consumer-oriented Microsoft products and cloud services, such as Outlook, OneDrive, Xbox LIVE, or Office 365. Your Microsoft account is created and stored in the Microsoft consumer identity account system that’s run by Microsoft.
Resource groupsLogical containers that you use to group related resources in a subscription. Each resource can exist in only one resource group. Resource groups allow for more granular grouping within a subscription, and are commonly used to represent a collection of assets required to support a workload, application, or specific function within a subscription


Azure fundamental concepts: https://docs.microsoft.com/en-us/azure/cloud-adoption-framework/ready/considerations/fundamental-concepts