No matter where you applications run, you have to make sure that you pen test them. When you pen test on -premises, you have total control over your network. You just let you network people know that you're going to be doing some pen testing and they take that into account when they see their security sensors light up.
Things are a bit different in the cloud. When you pen test your applications in the cloud, the cloud service provider needs to know what's going on. As far as they know, your service is under attack and they will take countermeasures to shut down your testing, which might lead to them shutting down your service. You don't want that to happen!
If you're hosting services in the Azure cloud, you want to make sure that Microsoft knows what you're doing. There's a way to let them know, as well as get information on what you can and cannot do when pen testing your Azure situated application.
Find out more in the blog post Pen Testing Your Applications Microsoft Azure.