Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.
1.3.1. Responsibility by Service Model
| Responsibility | IaaS | PaaS | SaaS |
|---|---|---|---|
| Data classification & protection | You | You | You |
| Identity & access management | You | You | You |
| Application security | You | You | Microsoft |
| Network controls | You | Shared | Microsoft |
| Operating system | You | Microsoft | Microsoft |
| Physical hosts | Microsoft | Microsoft | Microsoft |
⚠️ Exam Trap: Questions may present scenarios where a security control "should" work but doesn't because it's in Microsoft's domain (or vice versa). For example, you cannot install antivirus on Azure App Service—Microsoft handles OS-level security for PaaS. You must use Defender for App Service instead.
Written byAlvin Varughese
Founder•15 professional certifications