Microsoft Certified: Azure Fundamentals (AZ-900) Practice Exam 2026 - Free AZ-900 Practice Questions and Study Guide

Infrastructure as a Service (IaaS) requires the greatest security effort because, in this model, the cloud provider offers the foundational infrastructure—such as virtual machines, networking, and storage—but the customer is responsible for managing the operating systems, applications, and data hosted on that infrastructure. This level of responsibility means that the customer must implement security measures including configuring firewalls, securing data storage, patching operating systems, and managing user access, thus necessitating a more comprehensive approach to security management.

In contrast, with Platform as a Service (PaaS), the provider takes on some of the management responsibilities, handling the underlying infrastructure and the operating environment, which reduces the security burden on the customer. Similarly, Software as a Service (SaaS) shifts most security responsibilities to the provider, as it delivers fully managed applications where users simply interact with the software without needing to worry about the underlying infrastructure or platform security. Serverless computing further abstracts infrastructure concerns, allowing developers to focus solely on code without managing servers, thus minimizing security responsibilities.