1.3.2. Your Security Responsibilities in Azure

Regardless of service model, you are ALWAYS responsible for:

1. Data — Classification, encryption decisions, access control
2. Identities — Who can access what, MFA, credential management
3. Endpoints — Devices accessing your resources
4. Accounts — User and service account lifecycle

Scenario: Your company deploys an Azure SQL Database (PaaS). Microsoft patches the underlying OS and SQL engine—you don't manage that. But you ARE responsible for: who can connect (firewall rules, Entra authentication), what they can see (RBAC, dynamic data masking), and whether data is encrypted with your keys (TDE with customer-managed keys).