As organizations increasingly embrace cloud-based technologies to enhance productivity and efficiency, understanding the dynamic relationship between Microsoft Azure and Microsoft 365 becomes crucial for maximizing their potential. With the power of Microsoft Azure and Microsoft 365, organizations are gaining agility and driving innovation, but what is the difference between the two? When rolling out Microsoft 365 it’s important to know that Microsoft Azure is a fundamental component of the Microsoft Cloud and important to understand the nature of Microsoft Azure and its relationship to Microsoft 365.
Over time, as businesses look to increase their footprint in the Microsoft Cloud to drive even greater agility and efficiencies, they often do this by moving workloads to Azure, integrating line of business systems or automating business processes. They also look to integrate these workloads and processes with Microsoft 365 to foster greater collaboration and access. When undertaking such initiatives, understanding the Azure services that are available and how they relate to Microsoft 365 can help businesses select the most suitable and cost-effective services to maximize their investment.
Categories of Microsoft Azure services
Microsoft 365 is a Software as a Service (SaaS) application, which sits on and is built with Microsoft Azure IaaS and PaaS services. Microsoft Azure is a cloud computing platform which provides several fundamental building blocks for implementing business focused cloud-based solutions. The capabilities of the Azure platform itself fit into the following three categories:
- Infrastructure as a Service (IaaS) – Fundamental components include virtual machines, storage containers, networking, firewalls and other important computing infrastructure. These are components organizations can use to host their own servers or applications in the cloud, or which can be used by software vendors to build and host online cloud services they sell to their customers. These can also be used by Microsoft to build and host Software as a Service (such as Microsoft 365). Migrating an organization’s infrastructure to an IaaS solution helps reduce maintenance of on-premises data centers and save money on hardware costs.
Microsoft Azure IaaS services are typically configured and maintained by application or cloud architects. It is paid for on a consumption basis (i.e., pay for what is used) and are often licensed with an “Azure Pay as you Go” license. Each Azure IaaS service can have a different price per unit.
- Platform as a Service (PaaS) – Ready-to-use cloud services that can be utilized by developers and solution architects to quick build cloud-hosted business applications or online services. Traditionally, when hosting a web application, an organization would set up a three-tiered server environment with:
- A database layer hosted on servers,
- An application or business logic layer hosted on servers, and
- A user experience layer hosted on servers.
When doing so, the organization was responsible for setting up the servers or VMs, configuring the storage services, configuring the networking, configuring the firewalls and security and maintaining that infrastructure, whether on-premises or in the cloud (IaaS). Azure PaaS provides ready-to-use services that are required for building or hosting these types of applications. They can be quickly spun up (like spinning up a VM) and the required servers, storage, networking, security, etc., are all configured automatically. Common examples are Azure SQL for databases, Azure App Service for hosting web-based interfaces (i.e., web sites), Azure Automation and Azure Logic Apps for automation tools, Azure Cognitive Services for machine learning tools, etc.
If an organization needs to build an SQL database hosted in the cloud, they will traditionally create a new VM, with a storage container, as well as appropriate networking and security, and then install/configure an SQL Server within that VM. Instead, with Azure PaaS, start an Azure SQL Database, and Microsoft Azure will automatically create and configure the necessary VMs, storage containers, networking and security and will deploy/configure the SQL Server software. The user is simply given a URL to the Azure SQL database with the credentials selected during the purchase process. Simply start using that database, and all the infrastructure behind the scenes to host it is automatically configured, secured and maintained.
Microsoft Azure PaaS services are typically configured/maintained by application developers or DevOps teams. They are paid for on a consumption basis (i.e., pay for what is used) and are often licensed with an “Azure Pay as you Go” license. Each Azure PaaS service can have a different price per unit. The following diagram illustrates the differences and services available within IaaS, PaaS and SaaS capabilities:
- Directory Services – Microsoft Entra ID (formerly known as Azure Active Directory, or Azure AD) represents Microsoft’s identity management and directory services capabilities. It provides storage and management for identities and groups, which are utilized across many Microsoft services, including Microsoft 365. It also provides key security capabilities, such as:
- Authentication and password services
- Multi-factor authentication (MFA)
- Group naming policy
- Group expiration policy
- Conditional access
- Risk-based conditional access
- Privileged identity management
- Entitlement management
- Privileged access management
- Access reviews
Note: In early 2023, Microsoft rebranded Azure Active Directory (Azure AD) to Microsoft Entra ID. Microsoft Entra ID still includes all the great capabilities for identify management and security that were previously available as part of Azure AD.
All available Azure services can be found in this Microsoft catalog: https://azure.microsoft.com/en-us/products/.
Microsoft 365 relationship to Microsoft Azure services
Microsoft 365 is a SaaS platform, but many don’t realize it is built on Microsoft Azure IaaS and PaaS services. More specifically:
- Microsoft 365 and Azure IaaS – Microsoft 365 is built and hosted on many thousands of VMs, storage containers, networking and security components that are provided by Azure IaaS. These Azure IaaS services sit within the same Microsoft data center which hosts Microsoft 365 for the organization.
- Microsoft 365 customers do not have to pay for an “Azure Pay as You Go” license or equivalent. The license costs for Azure are all built into the Microsoft 365 license costs. All the infrastructure components behind Microsoft 365 are completely hidden, obfuscated and not accessible or visible to Microsoft 365 customers.
- Microsoft 365 and Azure PaaS – Some Microsoft 365 SaaS services may be built upon Azure PaaS services. These are likely higher-level services, such as automatic workflows built into SharePoint Online or other such services. Microsoft does not publish which services are built upon which Azure components. As with IaaS, to utilize these Microsoft 365 services organizations do not have to pay for an “Azure Pay as You Go” license or equivalent. The license costs for Azure are all built into the Microsoft 365 license costs. All the PaaS components that may be behind Microsoft 365 are completely hidden, obfuscated and not accessible or visible to Microsoft 365 customers.
- Microsoft 365 and Microsoft Entra ID (Azure AD) – Microsoft 365 uses Azure AD as its fundamental identity management platform. Some examples of how this service is used by Microsoft 365 are:
- When a user authenticates to Microsoft 365, they are, in fact, authenticating to an identity in Microsoft Entra ID
- When a user is prompted for MFA, it is Microsoft Entra ID that is providing the MFA service
- When a user is logging into Microsoft 365 and a conditional access policy is validated as part of the login process, it is Azure AD that validates the conditional access policy and makes a policy decision about whether the user may log in or not, etc.
When using Microsoft 365, administrators can also have access to the Microsoft Entra ID admin center. Depending on their preference, they may use either the Microsoft 365 admin center or the Microsoft Entra ID admin center to manage users, groups and MFA settings. Other Microsoft Entra ID security services can only be managed in the Microsoft Entra ID admin center, such as conditional access policies and privileged identity management (PIM).
As with Azure IaaS and PaaS services that may be utilized to host Microsoft 365 services (once again these are not made public in relation to Microsoft 365), costs for Microsoft Entra ID are bundled into monthly license costs for Microsoft 365. Some Microsoft Entra ID identity and security services are only available with higher-level Microsoft 365 licenses, for example, Microsoft Entra ID PIM is only available with Microsoft Entra ID (Azure AD Premium P2) licenses, which are bundled into Microsoft 365 E5 licenses.
Microsoft Azure computing services are fundamental building blocks of the Microsoft 365 SaaS platform. End users generally do not interact with or require knowledge of the underlying Azure services, other than perhaps Microsoft Entra ID (specifically for administrators).
One of the most significant advantages of choosing both Microsoft Azure and Microsoft 365 is their seamless integration. Together, they enable businesses to build, deploy and manage applications more efficiently while improving productivity and collaboration. Microsoft Azure and Microsoft 365 are essential tools for modern businesses looking to thrive in the digital age. Azure offers a robust and scalable cloud platform, while Microsoft 365 enhances productivity and collaboration. They form a powerful combination, allowing organizations to innovate, compete and succeed in today’s dynamic business landscape.
Read the results of our 2023 Global IT Executive Survey: The Innovation vs. Technical Debt Tug-of-War.