Cloud synergy: Microsoft Azure and its relationship to Microsoft 365

Categories of Microsoft Azure services

Microsoft 365 is a Software as a Service (SaaS) application, which sits on and is built with Microsoft Azure IaaS and PaaS services. Microsoft Azure is a cloud computing platform which provides several fundamental building blocks for implementing business focused cloud-based solutions.  The capabilities of the Azure platform itself fit into the following three categories:

• Infrastructure as a Service (IaaS) – Fundamental components include virtual machines, storage containers, networking, firewalls and other important computing infrastructure.  These are components organisations can use to host their own servers or applications in the cloud, or which can be used by software vendors to build and host online cloud services they sell to their customers. These can also be used by Microsoft to build and host Software as a Service (such as Microsoft 365).  Migrating an organisation’s infrastructure to an IaaS solution helps reduce maintenance of on-premises data centers and save money on hardware costs.

  Microsoft Azure IaaS services are typically configured and maintained by application or cloud architects. It is paid for on a consumption basis (i.e., pay for what is used) and are often licensed with an “Azure Pay as you Go” license.  Each Azure IaaS service can have a different price per unit.

• Platform as a Service (PaaS) – Ready-to-use cloud services that can be utilised by developers and solution architects to quick build cloud-hosted business applications or online services.  Traditionally, when hosting a web application, an organisation would set up a three-tiered server environment with:
  • A database layer hosted on servers,
  • An application or business logic layer hosted on servers, and
  • A user experience layer hosted on servers.

When doing so, the organisation was responsible for setting up the servers or VMs, configuring the storage services, configuring the networking, configuring the firewalls and security and maintaining that infrastructure, whether on-premises or in the cloud (IaaS). Azure PaaS provides ready-to-use services that are required for building or hosting these types of applications. They can be quickly spun up (like spinning up a VM) and the required servers, storage, networking, security, etc., are all configured automatically.  Common examples are Azure SQL for databases, Azure App Service for hosting web-based interfaces (i.e., web sites), Azure Automation and Azure Logic Apps for automation tools, Azure Cognitive Services for machine learning tools, etc.

If an organisation needs to build an SQL database hosted in the cloud, they will traditionally create a new VM, with a storage container, as well as appropriate networking and security, and then install/configure an SQL Server within that VM. Instead, with Azure PaaS, start an Azure SQL Database, and Microsoft Azure will automatically create and configure the necessary VMs, storage containers, networking and security and will deploy/configure the SQL Server software.  The user is simply given a URL to the Azure SQL database with the credentials selected during the purchase process.  Simply start using that database, and all the infrastructure behind the scenes to host it is automatically configured, secured and maintained.

Microsoft Azure PaaS services are typically configured/maintained by application developers or DevOps teams.  They are paid for on a consumption basis (i.e., pay for what is used) and are often licensed with an “Azure Pay as you Go” license.  Each Azure PaaS service can have a different price per unit. The following diagram illustrates the differences and services available within IaaS, PaaS and SaaS capabilities:

Image

• Directory Services – Microsoft Entra ID (formerly known as Azure Active Directory, or Azure AD) represents Microsoft’s identity management and directory services capabilities. It provides storage and management for identities and groups, which are utilised across many Microsoft services, including Microsoft 365.  It also provides key security capabilities, such as:
  • Authentication and password services
  • Multi-factor authentication (MFA)
  • Group naming policy
  • Group expiration policy
  • Conditional access
  • Risk-based conditional access
  • Privileged identity management
  • Entitlement management
  • Privileged access management
  • Access reviews

Note: In early 2023, Microsoft rebranded Azure Active Directory (Azure AD) to Microsoft Entra ID. Microsoft Entra ID still includes all the great capabilities for identify management and security that were previously available as part of Azure AD.

All available Azure services can be found in this Microsoft catalog: https://azure.microsoft.com/en-us/products/.

Microsoft 365 relationship to Microsoft Azure services

Microsoft 365 is a SaaS platform, but many don’t realise it is built on Microsoft Azure IaaS and PaaS services.  More specifically:

• Microsoft 365 and Azure IaaS – Microsoft 365 is built and hosted on many thousands of VMs, storage containers, networking and security components that are provided by Azure IaaS.  These Azure IaaS services sit within the same Microsoft data center which hosts Microsoft 365 for the organisation.
• Microsoft 365 customers do not have to pay for an “Azure Pay as You Go” license or equivalent.  The license costs for Azure are all built into the Microsoft 365 license costs. All the infrastructure components behind Microsoft 365 are completely hidden, obfuscated and not accessible or visible to Microsoft 365 customers.
• Microsoft 365 and Azure PaaS – Some Microsoft 365 SaaS services may be built upon Azure PaaS services. These are likely higher-level services, such as automatic workflows built into SharePoint Online or other such services. Microsoft does not publish which services are built upon which Azure components. As with IaaS, to utilise these Microsoft 365 services organisations do not have to pay for an “Azure Pay as You Go” license or equivalent.  The license costs for Azure are all built into the Microsoft 365 license costs. All the PaaS components that may be behind Microsoft 365 are completely hidden, obfuscated and not accessible or visible to Microsoft 365 customers.
• Microsoft 365 and Microsoft Entra ID (Azure AD) – Microsoft 365 uses Azure AD as its fundamental identity management platform.  Some examples of how this service is used by Microsoft 365 are:
  • When a user authenticates to Microsoft 365, they are, in fact, authenticating to an identity in Microsoft Entra ID
  • When a user is prompted for MFA, it is Microsoft Entra ID that is providing the MFA service
  • When a user is logging into Microsoft 365 and a conditional access policy is validated as part of the login process, it is Azure AD that validates the conditional access policy and makes a policy decision about whether the user may log in or not, etc.

When using Microsoft 365, administrators can also have access to the Microsoft Entra ID admin center.  Depending on their preference, they may use either the Microsoft 365 admin center or the Microsoft Entra ID admin center to manage users, groups and MFA settings.  Other Microsoft Entra ID security services can only be managed in the Microsoft Entra ID admin center, such as conditional access policies and privileged identity management (PIM).

As with Azure IaaS and PaaS services that may be utilised to host Microsoft 365 services (once again these are not made public in relation to Microsoft 365), costs for Microsoft Entra ID are bundled into monthly license costs for Microsoft 365.  Some Microsoft Entra ID identity and security services are only available with higher-level Microsoft 365 licenses, for example, Microsoft Entra ID PIM is only available with Microsoft Entra ID (Azure AD Premium P2) licenses, which are bundled into Microsoft 365 E5 licenses.

Microsoft Azure computing services are fundamental building blocks of the Microsoft 365 SaaS platform.  End users generally do not interact with or require knowledge of the underlying Azure services, other than perhaps Microsoft Entra ID (specifically for administrators).

One of the most significant advantages of choosing both Microsoft Azure and Microsoft 365 is their seamless integration. Together, they enable businesses to build, deploy and manage applications more efficiently while improving productivity and collaboration. Microsoft Azure and Microsoft 365 are essential tools for modern businesses looking to thrive in the digital age. Azure offers a robust and scalable cloud platform, while Microsoft 365 enhances productivity and collaboration. They form a powerful combination, allowing organisations to innovate, compete and succeed in today’s dynamic business landscape.

Read the results of our 2023 Global IT Executive Survey: The Innovation vs. Technical Debt Tug-of-War.

To learn more about our Microsoft consulting solutions, contact us.