Microsoft Azure Fundamentals AZ-900 Practice Exam 2026 – Complete Study Resource

Infrastructure as a Service (IaaS) requires the greatest security effort on your part because it provides the most control over the virtual infrastructure. In an IaaS model, you are responsible for managing everything from the operating system up to the applications, including the security configuration of the virtual machines, networking, and data. This level of responsibility means that you need to implement security measures such as firewalls, intrusion detection systems, encryption, and regular security updates, as well as ensure compliance with any relevant regulations.

In contrast, with Software as a Service (SaaS), the service provider manages most of the security aspects, allowing you to focus primarily on user access and data governance. Platform as a Service (PaaS) also abstracts some security responsibilities, providing tools and services that handle much of the underlying infrastructure security. Function as a Service (FaaS), being highly abstracted, requires even less direct management of security given the nature of event-driven architecture and automatic scaling, which shifts many security tasks to the provider. Thus, IaaS demands the highest level of security effort as you are more involved in managing and securing the underlying infrastructure.