Cloud Service Models (IaaS, PaaS, SaaS)

Quick Answer: The three cloud service models are IaaS (you manage the OS and up), PaaS (you manage only your application and data), and SaaS (the provider manages everything, you just use the software). Azure VMs = IaaS, Azure App Service = PaaS, Microsoft 365 = SaaS.

Understanding the three cloud service models and their shared responsibilities is one of the most frequently tested AZ-900 topics. Each model defines a different level of abstraction and a different division of responsibility between you (the customer) and Microsoft (the cloud provider).

The Three Service Models

Infrastructure as a Service (IaaS)

IaaS provides the most flexibility and customer control. The cloud provider manages the physical infrastructure (hardware, networking, data center), while you manage everything from the operating system up.

What Azure manages: Physical hardware, networking, data center (power, cooling, physical security) What you manage: Operating system, middleware, runtime, applications, data, patching, security configuration

Azure IaaS Examples:

• Azure Virtual Machines — You choose the OS, install software, manage patching
• Azure Virtual Networks — You design and manage network topology
• Azure Disk Storage — You manage data on attached disks

Use Cases:

• Migrating existing on-premises workloads to the cloud ("lift and shift")
• Running custom or legacy applications that require specific OS configurations
• Development and testing environments that need full control
• High-performance computing (HPC) workloads

Platform as a Service (PaaS)

PaaS provides a managed platform for building, testing, and deploying applications. The cloud provider manages the operating system, middleware, and runtime — you focus only on your application code and data.

What Azure manages: Physical hardware, networking, OS, middleware, runtime, patching, scaling What you manage: Applications, data, and some configuration settings

Azure PaaS Examples:

• Azure App Service — Deploy web apps without managing servers or OS
• Azure SQL Database — Managed relational database (no SQL Server patching)
• Azure Functions — Serverless compute that runs your code on demand
• Azure Cosmos DB — Globally distributed, managed NoSQL database

Use Cases:

• Building and deploying web applications and APIs quickly
• Developers who want to focus on code, not infrastructure
• Rapid prototyping and agile development
• Microservices architectures

Software as a Service (SaaS)

SaaS delivers complete applications over the internet. The cloud provider manages everything — infrastructure, platform, and application. You simply use the software, typically through a web browser.

What Azure/Microsoft manages: Everything — infrastructure, platform, application, updates, security What you manage: Your data and some configuration settings (users, permissions)

SaaS Examples:

• Microsoft 365 (Word, Excel, Teams, Outlook online)
• Microsoft Dynamics 365 (CRM and ERP)
• OneDrive (cloud file storage)

Use Cases:

• Email and collaboration (Microsoft 365, Teams)
• Customer relationship management (Dynamics 365)
• Any scenario where users need ready-to-use software without installation or maintenance

Service Model Comparison Table

On the Exam: You will see questions asking you to identify which service model a given scenario describes. Remember the key differentiator: who manages the operating system? IaaS = you; PaaS/SaaS = provider.

The Shared Responsibility Model

The shared responsibility model defines which security responsibilities belong to the cloud provider (Microsoft) and which belong to the customer. This division changes based on the service model:

On the Exam: The shared responsibility model is one of the TOP tested concepts. Remember: the customer is ALWAYS responsible for their data, accounts, identities, and devices — regardless of the service model. Microsoft is ALWAYS responsible for the physical infrastructure.

Serverless Computing

Serverless computing is an evolution of PaaS that further abstracts infrastructure management. You write code, and the cloud platform handles everything else — provisioning, scaling, and billing is based on actual execution rather than pre-allocated resources.

Azure Serverless Examples:

• Azure Functions — Event-driven code execution (pay per execution)
• Azure Logic Apps — Visual workflow automation (pay per action)
• Azure Event Grid — Event routing (pay per event)

Key Serverless Characteristics:

• No server management — You never provision or manage VMs
• Event-driven — Code runs in response to triggers (HTTP request, timer, queue message)
• Automatic scaling — Scales from zero to thousands of instances automatically
• Micro-billing — Pay only for the time your code actually runs (per-millisecond billing)