Cyber Intelligence
Cloud Concepts · 25-30% of exam

L2. Cloud Service Models: IaaS, PaaS, and SaaS

Video generating

Check back soon for the video lesson on Cloud Service Models: IaaS, PaaS, and SaaS

IaaS, PaaS, and SaaS define how much control you retain versus how much the cloud provider manages. The AZ-900 exam tests which model applies to specific Azure services and customer scenarios.

The Three Cloud Service Models

The AZ-900 exam tests these three service models extensively because they define the boundary between what Microsoft manages and what you manage. Getting this boundary wrong leads to security misconfigurations and exam failures.

IaaS: Infrastructure as a Service

With IaaS, the cloud provider manages the physical hardware, network, and virtualization layer. You manage everything above that: the operating system, middleware, runtime, data, and application. What you manage: OS, patches, runtimes, middleware, applications, data, networking configuration What Azure manages: Physical servers, storage hardware, physical network, hypervisor Azure IaaS examples: Azure Virtual Machines, Azure Disk Storage, Azure Virtual Network Use case: Migrating an existing on-premises workload ("lift and shift") where you want maximum control over the environment.

PaaS: Platform as a Service

With PaaS, the cloud provider manages the infrastructure AND the operating system and runtime. You focus on deploying and managing your application and data. What you manage: Applications and data What Azure manages: Everything below the application: OS, middleware, runtime, infrastructure Azure PaaS examples: Azure App Service, Azure SQL Database, Azure Functions, Azure Kubernetes Service (managed control plane), Azure Cosmos DB Use case: Developers want to focus on writing code without managing servers or patching operating systems.

SaaS: Software as a Service

With SaaS, the provider manages everything. You consume the software through a web browser or client. You only configure and use the application. What you manage: User configuration and data (within the application) What Azure manages: Everything including the application itself Azure SaaS examples: Microsoft 365, Microsoft Teams, Dynamics 365, Azure DevOps (hosted) Use case: End-users who need a ready-to-use business application.

Shared Responsibility Summary

ResponsibilityIaaSPaaSSaaS
ApplicationsCustomerCustomerProvider
RuntimeCustomerProviderProvider
OSCustomerProviderProvider
VirtualizationProviderProviderProvider
Physical hardwareProviderProviderProvider
Exam tip: Azure Virtual Machines is always IaaS. Azure App Service and Azure SQL Database are always PaaS. Microsoft 365 is always SaaS.

Exam Focus Points
  • IaaS: you manage the OS and above; Azure manages hardware and virtualization
  • PaaS: you manage applications and data only; Azure manages OS, runtime, and infrastructure
  • SaaS: you configure and use the app; Azure manages everything including the software
  • Azure Virtual Machines = IaaS; Azure App Service = PaaS; Microsoft 365 = SaaS
  • The shared responsibility boundary shifts with each model: more to the provider as you move from IaaS to SaaS
Knowledge Check

1. A development team wants to deploy a web application without managing the underlying operating system or runtime. Which service model is most appropriate?

2. Which of the following is an example of SaaS in the Microsoft Azure ecosystem?

Recommended: Pluralsight

This free course covers the theory. Pluralsight adds guided video paths, hands-on Azure labs, and timed practice exams to help you pass AZ-900 with confidence.

Start AZ-900 prep free10-day free trial available