You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/dev-box/how-to-configure-project-policy.md
+29-25Lines changed: 29 additions & 25 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,25 +15,26 @@ ms.custom:
15
15
16
16
# Control resource use with project policies in Microsoft Dev Box
17
17
18
-
Efficient resource management is critical for development teams working on diverse projects. Microsoft Dev Box uses **project policies** to help platform engineers enforce governance while maintaining flexibility. With project policies, you can define guardrails for resource usage on a per-project basis across your organization. This article explains how to set up and manage project policies in Dev Box to optimize resource control and governance.
18
+
Efficient resource management is critical for development teams working on diverse projects. Microsoft Dev Box uses *project policies* to help platform engineers enforce governance while maintaining flexibility. With project policies, you can define guardrails for resource usage on a per-project basis across your organization. This article explains how to set up and manage project policies in Dev Box to optimize resource control and governance.
19
19
20
20
When policies are enforced, Dev Box evaluates the health of existing resource pools against the new policy settings:
21
21
22
22
-**Pool health check**: Dev Box evaluates each resource pool to check compliance with the enforced policies.
23
-
-**Unhealthy pools**: If a pool doesn't meet the enforced requirements, it's marked as unhealthy, blocking the creation of new Dev Boxes in that pool.
24
-
-**Existing Dev Boxes remain active**: Dev Boxes already created in an unhealthy pool continue to function normally, so your teams can keep working without disruption.
23
+
-**Unhealthy pools**: A pool that doesn't meet the enforced requirements is marked as unhealthy, blocking the creation of new dev boxes in that pool.
24
+
-**Existing dev boxes remain active**: dev boxes already created in an unhealthy pool continue to function normally, so your teams can keep working without disruption.
25
25
26
-
This enforcement mechanism ensures projects access only the resources they're approved for, maintaining a secure-by-default environment with efficient operations across all projects in the Dev Center.
26
+
This enforcement mechanism ensures projects access only the resources they're approved for, maintaining a secure-by-default environment with efficient operations across all projects in a dev center.
27
27
28
28
## Prerequisites
29
29
- Microsoft Dev Box configured with a dev center and projects.
30
30
31
-
## Create a default policy
32
-
The first policy you create is the default policy, which applies to all projects in the dev center. This is a good way to set up a baseline for your projects, ensuring that all projects have a minimum level of governance and control over the resources they can access. In a default policy, you select resources to restrict, such as networks, images, and SKUs.
31
+
## Create a default project policy
33
32
34
-
Projects apply the default policy unless they have a custom project policy. This means that projects with a custom policy can access resources that aren't available to projects without a custom policy. In other words, projects with a custom policy can access resources that aren't available to all projects in the dev center.
33
+
The first policy you create is the default project policy, which applies to all projects in the dev center. A default policy is an effective way to set up a baseline for your projects, ensuring that all projects have a minimum level of governance and control over the resources they can access. In a default project policy, you select resources to allow, like networks, images, and SKUs.
35
34
36
-
To create a default policy:
35
+
Projects apply the default policy unless they have a custom project policy. If a project has custom policy applied, then only the resources defined in custom policy are available to the project. If there's no custom policy assigned to the project, then the resources defined in the Default policy are available to the project. A project can only have one policy applied to it.
36
+
37
+
To create a default project policy:
37
38
38
39
1. Sign in to the [Azure portal](https://portal.azure.com).
39
40
1. Navigate to your dev center.
@@ -42,32 +43,37 @@ To create a default policy:
42
43
43
44
:::image type="content" source="media/how-to-configure-project-policy/project-policy-page.png" alt-text="Screenshot of the Project policy page in the Azure portal, showing options to create a new project policy.":::
44
45
45
-
1. The name of the policy is **default**.
46
+
1. The name of the policy is **Default**.
46
47
47
48
:::image type="content" source="media/how-to-configure-project-policy/project-policy-default-name.png" alt-text="Screenshot showing the default project policy name field in the Azure portal.":::
48
49
49
-
1. Under **Allow resources**, select the resources you want to allow for the project. You must select at least one resource for each category: images, networks, and SKUs. To restrict SKU usage, select **Select SKUs**.
50
-
51
-
:::image type="content" source="media/how-to-configure-project-policy/project-policy-select-skus.png" alt-text="Screenshot showing the Select SKUs pane in the Azure portal, with options to restrict SKU usage for a project.":::
52
-
53
-
1. In the **Select SKUs** pane, select **A specific SKU or group of SKUs**, and then select the SKUs you want to allow. In this example, you can select all the **16 vCPU** SKUs. To confirm your selection, select **Select**.
54
-
55
-
:::image type="content" source="media/how-to-configure-project-policy/project-policy-select-multiple-skus.png" alt-text="Screenshot showing the Select SKUs pane in the Azure portal, with multiple SKUs selected for a project policy.":::
50
+
1. Under **Allow resources**, select the resources you want to allow for the project. You must select at least one resource for each category: images, networks, and SKUs.
56
51
57
52
1. Select **Select images**.
53
+
58
54
1. In the **Select images** pane, to allow all current and future images for projects, select **All current and future images**, and then select **Select**.
55
+
59
56
1. Select **Select networks**.
57
+
60
58
1. In the **Select networks** pane, to allow all current and future networks for projects, select **All current and future networks**, and then select **Select**.
61
59
62
60
:::image type="content" source="media/how-to-configure-project-policy/project-policy-create.png" alt-text="Screenshot showing the Create button in the Azure portal to finalize a project policy.":::
63
61
62
+
1. To allow specific SKU usage, select **Select SKUs**.
63
+
64
+
:::image type="content" source="media/how-to-configure-project-policy/project-policy-select-skus.png" alt-text="Screenshot showing the Select SKUs pane in the Azure portal, with options to allow SKU usage for a project.":::
65
+
66
+
1. In the **Select SKUs** pane, select **A specific SKU or group of SKUs**, and then select the SKUs you want to allow. In this example, you can select all the **16 vCPU** SKUs. To confirm your selection, select **Select**.
67
+
68
+
:::image type="content" source="media/how-to-configure-project-policy/project-policy-select-multiple-skus.png" alt-text="Screenshot showing the Select SKUs pane in the Azure portal, with multiple SKUs selected for a project policy.":::
69
+
64
70
1. When you finish selecting the resources, select **Create**.
65
-
1. To confirm that the default policy applies the resources, expand **default**.
71
+
1. To confirm that the default project policy applies the resources, expand **Default**.
66
72
67
73
:::image type="content" source="media/how-to-configure-project-policy/project-policy-summary.png" alt-text="Screenshot showing the summary of a default project policy in the Azure portal.":::
68
74
69
-
## Create a Project policy
70
-
Custom project policies enable you to control resources for specific projects. These policies allow you to control and restrict resources available to projects, ensuring better governance and resource management. Each project can have only one custom policy, but the same policy can be applied to multiple projects. These policies allow you to control and restrict resources available to projects, ensuring better governance and resource management.
75
+
## Create a custom project policy
76
+
Custom project policies enable you to control resources for specific projects. These policies allow you to control which resources are available to projects, ensuring better governance and resource management. Each project can have only one custom policy, but the same policy can be applied to multiple projects.
71
77
72
78
To create and apply a custom project policy:
73
79
@@ -90,8 +96,8 @@ To create and apply a custom project policy:
90
96
91
97
:::image type="content" source="media/how-to-configure-project-policy/project-policy-target-projects.png" alt-text="Screenshot showing the selected target projects for a custom project policy in the Azure portal.":::
92
98
93
-
1. Under **Allow resources**, select the resources you want to restrict for the project.
94
-
For example, to restrict a project to only use Visual Studio 2022 images, select **Select images**, and then select all Visual Studio 2022 images. To confirm your selection, select **Select**.
99
+
1. Under **Allow resources**, select the resources you want to allow for the project.
100
+
For example, to allow a project to only use Visual Studio 2022 images, select **Select images**, and then select all Visual Studio 2022 images. To confirm your selection, select **Select**.
95
101
96
102
:::image type="content" source="media/how-to-configure-project-policy/project-policy-custom-select-images.png" alt-text="Screenshot showing the Select images pane for a custom project policy in the Azure portal.":::
97
103
@@ -111,8 +117,7 @@ To confirm that the project policy is applied to the project:
111
117
112
118
:::image type="content" source="media/how-to-configure-project-policy/project-policy-custom-summary.png" alt-text="Screenshot showing the summary of an applied custom project policy in the Azure portal.":::
113
119
114
-
The default policy and the project policy restrictions are combined. For example, if the default policy restricts the project to only use 16 vCPU SKUs, and the project policy restricts the project to only use Visual Studio 2022, the project can use both 16 vCPU SKUs and Visual Studio 2022 images.
115
-
120
+
Once you create a custom project policy and apply it to the target project, the default project policy no longer applies to that project. The custom project policy must define all the resources you want to allow in the project.
116
121
117
122
## Edit a project policy
118
123
@@ -127,5 +132,4 @@ The default policy and the project policy restrictions are combined. For example
127
132
128
133
## Related content
129
134
130
-
-[Autostop your Dev Boxes on schedule](how-to-configure-stop-schedule.md)
131
-
-[Control costs by setting dev box limits on a project](tutorial-dev-box-limits.md)
135
+
-[Key concepts for Microsoft Dev Box](concept-dev-box-concepts.md)
0 commit comments