Understanding the segregation of responsibility in the cloud is critical when designing a cloud architecture.  It is essential that we understand those services and resources that fall under the responsibility of Microsoft Azure, the customer, or shared between Azure and the customer in order to manage cloud resources effectively. 
 

The segregation of responsibility and customer control is demonstrated across the 3 different Azure deployment models.

Infrastructure as a Service (IaaS): is virtual computing in the cloud and provides us the means to build full IT infrastructures. Azure will take care of the physical components while customer are mostly responsible for maintaining and governing their own infrastructure.   Examples include:

• Azure Virtual Machines
• Azure Virtual Networks
• Azure Blob Storage

Platform as a Service (PaaS):  is a platform for building, deploying and managing applications without having to worry about the infrastructure.   Azure abstracts the underlying infrastructure.  Customers are responsible for their own code, data, and applications while deploying them on infrastructure controlled by Azure.   Examples include:

• Azure App Services
• Azure Functions
• Azure SQL Database

Software as a Service (SaaS): is software applications over the internet usually available on a subscription basis.   Providers are responsible for all aspects of the application infrastructure, maintenance, and updates.  Users access the software via the internet with no responsibilities other than their data.  Examples include:

• Microsoft 365
• Azure DevOps Services
• Azure Active Directory