You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Windows 365 is not used anymore to access the customer's images. Devbox service delegates the DevCenter MSI to Windows 365, so it can use it to access the image (instead of using the Windows 365 application).
Updated the document accordingly.
Copy file name to clipboardExpand all lines: articles/dev-box/how-to-configure-azure-compute-gallery.md
+6-24Lines changed: 6 additions & 24 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -91,11 +91,11 @@ When you create a generalized VM to capture to an image, the following issues ca
91
91
92
92
1. Run `defrag` and `chkdsk` during image creation, then disable the `chkdisk` and `defrag` scheduled tasks.
93
93
94
-
## Provide permissions for services to access a gallery
94
+
## Configure permissions to access a gallery
95
95
96
-
When you use an Azure Compute Gallery image to create a dev box definition, the Windows 365 service validates the image to ensure that it meets the requirements to be provisioned for a dev box. Microsoft Dev Box replicates the image to the regions specified in the attached network connections, so the images are present in the region required for dev box creation.
96
+
When you use an Azure Compute Gallery image to create a dev box definition, Microsoft Dev Box validates the image to ensure that it meets the requirements to be provisioned for a dev box. It also replicates the image to the regions specified in the attached network connections, so the images are present in the region required for dev box creation.
97
97
98
-
To allow the services to perform these actions, you must provide permissions to your gallery as follows.
98
+
To allow the service to perform these actions, you must provide permissions to your gallery as follows.
99
99
100
100
### Add a user-assigned identity to the dev center
101
101
@@ -118,27 +118,9 @@ To allow the services to perform these actions, you must provide permissions to
118
118
Microsoft Dev Box behaves differently depending how you attach your gallery:
119
119
120
120
- When you use the Azure portal to attach the gallery to your dev center, the Dev Box service creates the necessary role assignments automatically after you attach the gallery.
121
-
- When you use the Azure CLI to attach the gallery to your dev center, you must manually create the Windows 365 service principal and the dev center's managed identity role assignments before you attach the gallery.
121
+
- When you use the Azure CLI to attach the gallery to your dev center, you must manually create the dev center's managed identity role assignments before you attach the gallery.
122
122
123
-
Use the following steps to manually assign each role.
124
-
125
-
#### Windows 365 service principal
126
-
127
-
1. Sign in to the [Azure portal](https://portal.azure.com).
128
-
129
-
1. In the search box, enter **Azure Compute Gallery**. In the list of results, select the gallery that you want to attach to the dev center.
130
-
131
-
1. On the left menu, select **Access Control (IAM)**.
132
-
133
-
1. Select **Add** > **Add role assignment**.
134
-
135
-
1. Assign the following role. For detailed steps, see [Assign Azure roles using the Azure portal](../role-based-access-control/role-assignments-portal.yml).
136
-
137
-
| Setting | Value |
138
-
| --- | --- |
139
-
|**Role**| Select **Reader**. |
140
-
|**Assign access to**| Select **User, group, or service principal**. |
141
-
|**Members**| Search for and select **Windows 365**. |
123
+
Use the following steps to manually assign the role.
142
124
143
125
#### Managed identity for the dev center
144
126
@@ -156,7 +138,7 @@ Use the following steps to manually assign each role.
|**Members**| Search for and select the user-assigned managed identity that you created when you [added a user-assigned identity to the dev center](#add-a-user-assigned-identity-to-the-dev-center). |
158
140
159
-
You can use the same managed identity in multiple dev centers and compute galleries. Any dev center with the managed identity added has the necessary permissions to the images in the gallery that has the Owner role assignment added.
141
+
You can use the same managed identity in multiple dev centers and compute galleries. Any dev center with the managed identity added has the necessary permissions to the images in the gallery that has the Contributor role assignment added.
0 commit comments