You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -172,34 +172,106 @@ When you create custom VM images, also consider using [dev box customization tas
172
172
Learn more about how to [configure a compute gallery for a dev center](./how-to-configure-azure-compute-gallery.md).
173
173
174
174
### Step 7: Attach catalog
175
-
- create repo
176
-
- add customization tasks
177
-
178
-
### Step x: Create dev box definitions
179
-
- align with dev team leads
180
-
- shared among all projects
181
-
- link compute resources & VM image
182
-
- GPU vs CPU needs
183
-
- Consider pricing
184
-
185
-
### Step x: Create projects
186
-
- Assign security group for Project admins
187
-
- Assign security group for dev box users
188
-
- consider limitations of dev boxes per developer
189
-
190
-
### Step x: Create dev box pools
191
-
- Owner: Project admin
192
-
- links dev box definition & network connection
193
-
- Consider location of developers
194
-
- Consider auto-stop
195
-
196
-
### Step x: Configure dev box access
197
-
RDP vs browser
198
-
199
-
### Step x: Configure Microsoft Intune
200
-
- device configuration
201
-
- licenses
202
-
- conditional access policies
175
+
176
+
Dev box users can customize their dev box by using setup tasks, for example to install additional software, clone a repository, and more. These tasks are run as part of the dev box creation process. By using dev box customization and setup tasks, you can reduce the number of VM images that you need to maintain for your projects.
177
+
178
+
Setup tasks are defined in a catalog, which can be GitHub repository or an Azure DevOps repository. Attach one or more catalogs to the dev center. All tasks are available for all dev boxes created across all projects in a dev center.
179
+
180
+
Microsoft provides a quick start catalog to help you get started with customizations. This catalog includes a default set of tasks that define common setup tasks, such as installing software with WinGet or Chocolatey, cloning a repo, configuring applications, or running PowerShell scripts.
181
+
182
+
Consider attaching a catalog in the following cases:
183
+
184
+
- Dev box users have individual customization requirements for their dev box
185
+
- You want to provide development teams with a set of standardized options to customize their dev box
186
+
- You want to limit the number of VM images and dev box definitions to maintain
187
+
188
+
Consider creating a new catalog if the tasks in the quick start catalog are insufficient. You can attach both the quick start catalog and your own catalogs to the dev center.
189
+
190
+
Learn how to [create dev box customizations](./how-to-customize-dev-box-setup-tasks.md).
191
+
192
+
### Step 8: Create dev box definitions
193
+
194
+
A dev box definition contains the configuration of a dev box by specifying the VM image, compute resources, such as memory and CPUs/GPUs, and storage.
195
+
196
+
You configure dev box definitions at the level of a dev center. All dev center projects share the dev box definitions in the dev center.
197
+
198
+
Consider creating one or more dev box definitions in the following cases:
199
+
200
+
- Development teams require different VM images because they need another operating system version or other applications.
201
+
- Development teams have different compute resource requirements. For example, data science teams might need a dev box with GPUs, and database administrators might need a machine with lots of storage and memory.
202
+
203
+
Consider the cost of the compute resources associated with a dev box definition to assess to total cost of your deployment.
204
+
205
+
### Step 9: Create projects
206
+
207
+
In Microsoft Dev Box, you create and associate a project with a dev center. A project typically corresponds with a development project within your organization. For example, you might create a project for the development of a line of business application, and another project for the development of the company website.
208
+
209
+
Within a project, you define the list of [dev box pools](#step-x-create-dev-box-pools) that are available for dev box users to create dev boxes. At the project level, you can specify a limit to the number of dev boxes a dev box user can create.
210
+
211
+
Microsoft Dev Box uses Azure role-based access control (Azure RBAC) to grant access to functionality at the project level:
212
+
213
+
- Grant project administrators access to perform administrative tasks on Microsoft Dev Box projects (Project Admin role)
214
+
- Grant dev box users access to create and manage their dev boxes in a Dev Box project (Dev Box User role)
215
+
216
+
Consider using a Microsoft Entra ID group for managing access for dev box users and administrators of a project.
217
+
218
+
Consider creating a dev center project in the following cases:
219
+
220
+
- You want to provide a development team with a set of standardized cloud developer workstations for their software development project
221
+
- You have multiple development projects that have separate project adminstrators and access permissions
222
+
223
+
Learn more about [how to create and manage projects](./how-to-manage-dev-box-projects.md).
224
+
225
+
### Step 10: Create dev box pools
226
+
227
+
Within a project, a project admin can create one or more dev box pools. Dev box users use the developer portal to select a dev box pool for creating their dev box.
228
+
229
+
A dev box pool links a dev box definition with a [network connection](#step-5-configure-network-connections). You can choose from Microsoft-hosted connections or your own Azure network connections. The location of the network connection determines the location where a dev box is hosted. Consider creating a dev box pool with a network connection nearest the dev box users.
230
+
231
+
To reduce the cost of running dev boxes, you can configure dev boxes in a dev box pool to shut down daily at a predefined time.
232
+
233
+
Consider creating a dev box pool in the following cases:
234
+
235
+
- Create a dev box pool for each dev box definition that is needed by the development team.
236
+
- To reduce the network latency, create a dev box pool for each geographical location where you have dev box users. Choose a network connection that is nearest the dev box user.
237
+
- Create a dev box pool for developers that need access to other Azure resources or on-premises resources. Select from the list of [Azure network connections](#step-5-configure-network-connections) in the dev center when you configure the dev box pool.
238
+
239
+
Learn more about [how to create and manage dev box pools](./how-to-manage-dev-box-pools.md).
240
+
241
+
### Step 11: Configure Microsoft Intune
242
+
243
+
Microsoft Dev Box uses Microsoft Intune to manage your dev boxes. Use Microsoft Intune Admin Center to configure the Intune settings related to your Dev Box deployment.
244
+
245
+
> [!NOTE]
246
+
> Every Dev Box user needs one Microsoft Intune license and can create multiple dev boxes.
247
+
248
+
#### Device configuration
249
+
250
+
After a dev box is provisioned, you can manage it like any other Windows device in Microsoft Intune. For example, you can create [device configuration profiles](/mem/intune/configuration/device-profiles) to turn different settings on and off in Windows, or push apps and updates to your users’ dev boxes.
251
+
252
+
#### Configure conditional access policies
253
+
254
+
You can use Intune to configure conditional access policies to control access to dev boxes. For Dev Box, it’s common to configure conditional access policies to restrict who can access dev box, what they can do, and where they can access from. To configure conditional access policies, you can use Microsoft Intune to create dynamic device groups and conditional access policies.
255
+
256
+
Some usage scenarios for conditional access in Microsoft Dev Box include:
257
+
258
+
- Restricting access to dev box to only managed devices
259
+
- Restricting the ability to copy/paste from the dev box
260
+
- Restricting access to dev box from only certain geographies
261
+
262
+
Learn how you can [configure conditional access policies for Dev Box](./how-to-configure-intune-conditional-access-policies.md).
263
+
264
+
#### Backup and restore a dev box
265
+
266
+
Microsoft Intune provides backup functionality for dev boxes. It automatically sets regular restore points, and enables you to create a manual restore point, just as you would for a [Cloud PC](/windows-365/enterprise/create-manual-restore-point).
267
+
268
+
Restore functionality for dev boxes is provided by sharing Cloud PC restore points to a storage account. For more information, see: [Share Cloud PC restore points to an Azure Storage Account](/windows-365/enterprise/share-restore-points-storage)
269
+
270
+
#### Privilege management
271
+
272
+
You can configure Microsoft Intune Endpoint Privilege Management (EPM) for dev boxes so that dev box users don't need local administrative privileges. Microsoft Intune Endpoint Privilege Management allows your organization’s users to run as a standard user (without administrator rights) and complete tasks that require elevated privileges. Tasks that commonly require administrative privileges are application installs (like Microsoft 365 Applications), updating device drivers, and running certain Windows diagnostics.
273
+
274
+
Learn more about how to [configure Microsoft Intune Endpoint Privilege for Microsoft Dev Box](./how-to-elevate-privilege-dev-box.md).
0 commit comments