|
| 1 | +--- |
| 2 | +title: Enforce Governance with Project Policies in Microsoft Dev Box |
| 3 | +description: Control resource use in Microsoft Dev Box with project policies that ensure compliance and streamline development workflows. |
| 4 | +#customer intent: As a platform engineer, I want to set up project policies in Microsoft Dev Box to control resource use for my development teams. |
| 5 | +author: RoseHJM |
| 6 | +ms.author: rosemalcolm |
| 7 | +ms.service: dev-box |
| 8 | +ms.topic: how-to |
| 9 | +ms.date: 05/08/2025 |
| 10 | +ms.custom: |
| 11 | + - ai-gen-docs-bap |
| 12 | + - ai-gen-description |
| 13 | + - ai-seo-date:03/28/2025 |
| 14 | + - ai-gen-title |
| 15 | +--- |
| 16 | + |
| 17 | +# Control resource use with project policies in Microsoft Dev Box |
| 18 | + |
| 19 | +Efficient resource management is critical for development teams working on diverse projects. Microsoft Dev Box uses *project policies* to help platform engineers enforce governance while maintaining flexibility. With project policies, define guardrails for resource usage on a per-project basis across your organization. This article explains how to set up and manage project policies in Dev Box to optimize resource control and governance. |
| 20 | + |
| 21 | +When policies are enforced, Dev Box checks the health of existing resource pools against the new policy settings: |
| 22 | + |
| 23 | +- **Pool health check**: Dev Box checks each resource pool for compliance with the enforced policies. |
| 24 | +- **Unhealthy pools**: A pool that doesn't meet the enforced requirements is marked unhealthy, which blocks the creation of new dev boxes in that pool. |
| 25 | +- **Existing dev boxes remain active**: Dev boxes already created in an unhealthy pool continue to function normally, letting your teams keep working without disruption. |
| 26 | + |
| 27 | +This enforcement mechanism ensures projects use only the resources they're approved for, maintaining a secure by default environment with efficient operations across all projects in a dev center. |
| 28 | + |
| 29 | +## Prerequisites |
| 30 | + |
| 31 | +- Microsoft Dev Box configured with a dev center, and projects. |
| 32 | + |
| 33 | +## Create a default project policy |
| 34 | + |
| 35 | +The first policy you create becomes the default project policy. It applies to all projects in the dev center. A default policy sets up a baseline for your projects, ensuring they have a minimum level of governance and control over accessible resources. In a default project policy, you select resources to allow, like networks, images, and SKUs. Projects use the default policy unless they have a custom project policy. If a project uses a custom policy, only the resources defined in that policy are available. If no custom policy is assigned to the project, the resources defined in the default policy are available. A project can have only one policy applied. |
| 36 | + |
| 37 | +To create a default project policy: |
| 38 | + |
| 39 | +1. Sign in to the [Azure portal](https://portal.azure.com). Navigate to your dev center, expand **Manage** in the left pane, and select **Project policy**. On the **Project policy** page, select **Create a policy**. |
| 40 | + |
| 41 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-page.png" alt-text="Screenshot of the Project policy page in the Azure portal, showing options to create a new project policy."::: |
| 42 | + |
| 43 | +1. The first policy you create is the **Default** policy. Under **Allow resources**, select the resources you want to allow for the project. You must select at least one resource for each category: images, networks, and SKUs. |
| 44 | + |
| 45 | + - In **Images**, select **Allow all current and future images**. |
| 46 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-select-images.png" alt-text="Screenshot showing the Create project policy page, with Select images highlighted."::: |
| 47 | + |
| 48 | + - In **Networks**, select **All current and future networks**. |
| 49 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-select-networks.png" alt-text="Screenshot showing the Create project policy page, with Select networks highlighted."::: |
| 50 | + |
| 51 | + - To allow specific SKU usage, in **SKUs**, select **Select a specific SKU or group of SKUs**. |
| 52 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-select-skus.png" alt-text="Screenshot showing the Create project policy page, with Select SKUs highlighted."::: |
| 53 | + |
| 54 | + - In the **Select SKUs** pane, select the SKUs you want to allow (for example, all **16 vCPU** SKUs). Confirm your selection by selecting **Select**. |
| 55 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-select-multiple-skus.png" alt-text="Screenshot showing the Select SKUs pane in the Azure portal, with multiple SKUs selected."::: |
| 56 | + |
| 57 | +1. After selecting the resources, select **Create** to finalize the policy. |
| 58 | + |
| 59 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-create.png" alt-text="Screenshot showing the Create button in the Azure portal to finalize a project policy."::: |
| 60 | + |
| 61 | +1. To confirm that the default project policy includes the resources, expand **Default**. |
| 62 | + |
| 63 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-summary.png" alt-text="Screenshot showing the summary of a default project policy in the Azure portal."::: |
| 64 | + |
| 65 | +## Create a custom project policy |
| 66 | + |
| 67 | +Custom project policies enable you to control resources for specific projects. These policies allow you to control which resources are available to projects, ensuring better governance and resource management. Each project can have only one custom policy, but the same policy can be applied to multiple projects. |
| 68 | + |
| 69 | +To create and apply a custom project policy: |
| 70 | + |
| 71 | +1. Sign in to the [Azure portal](https://portal.azure.com), go to your dev center, and in the left pane, expand **Manage**, then select **Project policy**. |
| 72 | + |
| 73 | +1. On the **Project policy** page, select **Create**. |
| 74 | + |
| 75 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-create-custom.png" alt-text="Screenshot showing the Create button for a custom project policy in the Azure portal."::: |
| 76 | + |
| 77 | + - On the **Create project policy** page, enter a **Name** for the project policy. |
| 78 | + |
| 79 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-custom-name.png" alt-text="Screenshot showing the name field for a custom project policy in the Azure portal."::: |
| 80 | + |
| 81 | + - Under **Target projects**, select **Select projects**. |
| 82 | + |
| 83 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-custom-select-projects.png" alt-text="Screenshot showing the Select projects option for a custom project policy in the Azure portal."::: |
| 84 | + |
| 85 | + - In the **Select projects** pane, select the projects you want to apply the policy to, and then select **Select**. |
| 86 | + |
| 87 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-target-projects.png" alt-text="Screenshot showing the selected target projects for a custom project policy in the Azure portal."::: |
| 88 | + |
| 89 | +1. Under **Allow resources**, select the resources you want to allow for the project. For example, to let a project use only Visual Studio 2022 images, in **Images**, select **Select a specific image or group of images**. |
| 90 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-custom-select-images.png" alt-text="Screenshot showing the Select images option for a custom project policy in the Azure portal."::: |
| 91 | + |
| 92 | + - Select all Visual Studio 2022 images. To confirm your selection, select **Select**. |
| 93 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-custom-select-multiple-images.png" alt-text="Screenshot showing the Select images pane for a custom project policy in the Azure portal."::: |
| 94 | + |
| 95 | +1. Select more resources if needed. When you finish selecting resources, select **Create**. |
| 96 | + |
| 97 | +## View policies for a project |
| 98 | +When you create a custom project policy and apply it to the target project, the default project policy doesn't apply to that project. The custom project policy must define all resources you want to allow in the project. |
| 99 | + |
| 100 | +To view the project policies that apply to projects: |
| 101 | + |
| 102 | +1. Sign in to the [Azure portal](https://portal.azure.com), navigate to your dev center, and in the left pane, expand **Manage**, then select **Project policy**. |
| 103 | + |
| 104 | +1. On the **Project policy** page, expand the custom project policy you created. |
| 105 | + |
| 106 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-custom-summary.png" alt-text="Screenshot showing the summary of an applied custom project policy in the Azure portal."::: |
| 107 | + |
| 108 | +## Edit a project policy |
| 109 | + |
| 110 | +Edit a project policy to update allowed resources, modify governance settings, or adjust resource availability as project requirements evolve. |
| 111 | + |
| 112 | +To edit a project policy: |
| 113 | + |
| 114 | +1. Sign in to the [Azure portal](https://portal.azure.com), navigate to your dev center, and in the left pane, expand **Manage**, then select **Project policy**. |
| 115 | + |
| 116 | +1. For the project policy you want to edit, scroll to the right and select **Edit**. |
| 117 | + |
| 118 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-edit.png" alt-text="Screenshot showing the Edit button for a project policy in the Azure portal."::: |
| 119 | + |
| 120 | +1. After making changes, select **Apply**. |
| 121 | + |
| 122 | +## Delete a project policy |
| 123 | + |
| 124 | +Deleting policies removes them from the projects where they are applied and applies the default policy. Delete custom policies first. You can't delete the default policy until all custom policies are deleted. |
| 125 | + |
| 126 | +To delete a project policy: |
| 127 | + |
| 128 | +1. Sign in to the [Azure portal](https://portal.azure.com). |
| 129 | + |
| 130 | +1. Go to your dev center. |
| 131 | + |
| 132 | +1. In the left pane, expand **Manage**, and select **Project policy**. |
| 133 | + |
| 134 | +1. Select the project policy to delete, and select **Delete**. |
| 135 | + |
| 136 | + :::image type="content" source="media/how-to-configure-project-policy/project-policy-delete.png" alt-text="Screenshot showing the Delete button for a project policy in the Azure portal."::: |
| 137 | + |
| 138 | +1. In the **Delete project policy**, read the message: *"Deleting a custom policy will cause a pool to become unhealthy if the pool resources are allowed by the custom policy but not allowed by the default policy."*, and select **OK**. |
| 139 | + |
| 140 | +## Related content |
| 141 | + |
| 142 | +- Learn more about [key concepts for Microsoft Dev Box](concept-dev-box-concepts.md). |
0 commit comments