Copyright (c) 2025 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

1.4. The Azure Shared Responsibility Model

šŸ’” First Principle: The Shared Responsibility Model is a fundamental security principle that clearly defines the division of security obligations between the cloud provider (Microsoft) and the customer, ensuring comprehensive protection and preventing gaps in accountability.

Scenario: A company is migrating its on-premises applications to Azure and needs to understand its security obligations versus Microsoft's. They're particularly concerned about data encryption and patching operating systems on their Azure Virtual Machines.

At its core, the Azure Shared Responsibility Model is a fundamental principle clarifying security obligations in the cloud. Its core purpose is to define precisely who is accountable for what aspects of security, ensuring no gaps in protection. This model is crucial for designing secure and compliant cloud architectures.

Microsoft is responsible for "security of the cloud", encompassing the underlying infrastructure. Conversely, the customer is responsible for "security in the cloud", covering everything configured and managed within their Azure environment.

Understanding this distinction is paramount for the AZ-104 exam. It directly impacts how you design, deploy, and manage your resources securely. Misinterpreting these roles can lead to significant security vulnerabilities.

Visual: Azure Shared Responsibility Model
Loading diagram...

āš ļø Common Pitfall: Assuming that because a service is "in the cloud," Microsoft is responsible for all aspects of its security. For IaaS services like Virtual Machines, the customer is responsible for securing the guest OS, applications, and data.

Key Trade-Offs:
  • Control vs. Responsibility: As you move from IaaS to PaaS to SaaS, you cede more control to Microsoft, but you also offload more security responsibility.

Reflection Question: How does understanding this shared model empower you to design more secure and compliant cloud solutions by clearly defining which security aspects are your responsibility and which are Microsoft's?