Configure access to Microsoft Dev Box projects

This article explains how to grant administrators and developers access to Microsoft Dev Box projects. Use Azure role-based access control (Azure RBAC) to assign the built-in DevCenter roles at the project level.

Dev Box has the following built-in roles:

Role                     Description
DevCenter Project Admin  - View network connections attached to the dev center
                         - View dev box definitions attached to the dev center
                         - Create, view, update, and delete dev box pools in the project
DevCenter Dev Box User   - View pools within a project
                         - Create dev boxes
                         - Connect to a dev box
                         - Manage dev boxes they created
                         - Delete dev boxes they created

You can create multiple Microsoft Dev Box projects in the dev center to align with each team's specific requirements. By using the built-in DevCenter Project Admin role, you can delegate project administration to a member of a team. Project admins can use the network connections and dev box definitions configured at the dev center level to create and manage dev box pools within their project.

Team members must have access to a specific Microsoft Dev Box project before they can create dev boxes. Use the built-in DevCenter Dev Box User role to assign permissions to Active Directory users or groups. You assign the role at the project level in Microsoft Dev Box.

Prerequisites

  • You must have an Azure account with permission to create role assignments on the project.
  • You must have a dev center and at least one project.

Permissions required

To create role assignments, you need permission to create role assignments on the target resource. Specifically:

  • Required permission actions:

    • Microsoft.Authorization/roleAssignments/write
    • Microsoft.Authorization/roleAssignments/read (for verification)
    • Microsoft.Authorization/roleDefinitions/read (to list available roles)
  • Recommended built-in roles that include these actions:

    • Owner
    • User Access Administrator

If your organization uses custom roles, ensure the role includes Microsoft.Authorization/roleAssignments/write for the intended scope.

Assign DevCenter Project Admin role

To grant a user project admin permission in Microsoft Dev Box, assign the DevCenter Project Admin role at the project level.

  1. Sign in to the Azure portal.

  2. In the search box, enter projects. In the list of results, select Projects.

  3. Select the project that you want to give your team members access to.

    Screenshot of the Projects list showing projects grid and search results in the Azure portal.

  4. On the left, select Access Control (IAM).

    Screenshot of the project's Access Control (IAM) tab showing role assignments in the Azure portal.

  5. Select Add > Add role assignment.

  6. Assign the following role. For detailed steps, see Assign Azure roles using the Azure portal.

    Setting           Value
    Role              Select DevCenter Project Admin.
    Assign access to  Select User, group, or service principal.
    Members           Select the users or groups that need admin access to the project.

    Screenshot of the Add role assignment pane with DevCenter Project Admin role selected in the Azure portal.

The users can now manage the project and create dev box pools within it.

Important

A user who is assigned the Dev Box User role or the Project Admin role can create a dev box.

Verify the role assignment: On the project's Access Control (IAM) page, confirm the new member appears for the DevCenter Project Admin role.

Assign DevCenter Dev Box User role

To grant a user access to create and manage dev boxes in Microsoft Dev Box, assign the DevCenter Dev Box User role at the project level.

  1. Sign in to the Azure portal.

  2. In the search box, enter projects. In the list of results, select Projects.

  3. Select the project that you want to give your team members access to.

    Screenshot of the Projects list with a project selected to assign DevCenter roles in the Azure portal.

  4. On the left menu, select Access Control (IAM).

  5. Select Add > Add role assignment.

  6. Assign the following role. For detailed steps, see Assign Azure roles using the Azure portal.

    Setting           Value
    Role              Select DevCenter Dev Box User.
    Assign access to  Select User, group, or service principal.
    Members           Select the users or groups that you want to have access to the project.

    Screenshot of the Add role assignment pane with DevCenter Dev Box User role selected in the Azure portal.

Users can now view the project and all pools within it. Dev box users can create dev boxes from any pool and manage them from the developer portal.

Note

Microsoft Dev Box supports work and school accounts. It doesn't support the use of guest accounts or personal accounts.

Important

A dev box is automatically started and running when the creation process finishes. Dev boxes incur costs whenever they're running.

Troubleshooting

  • Role assignment propagation can take a minute; refresh the portal and wait a short time before retrying.
  • If you get an authorization error, confirm your account has Microsoft.Authorization/roleAssignments/write at the project or parent scope.
  • If the user doesn't see the project or pools after a successful assignment, check that the assignment was made at the correct scope (project vs. subscription/resource group) and that the user has a supported account type.
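
An added example (not part of the original article and not Microsoft's own tooling): a Python check for the scope and account-type problems listed above, which flags DevCenter role assignments made at a scope other than a project and assignments to guest accounts. It assumes role assignments exported as JSON with the fields principalName, principalId, principalType, roleDefinitionName and scope, as produced by az role assignment list --all --output json; the audit function and the sample records are constructed for illustration.

```python
import re

DEVCENTER_ROLES = {"DevCenter Project Admin", "DevCenter Dev Box User"}
# Resource ID of a Dev Box project: the scope this article assigns roles at.
PROJECT_SCOPE = re.compile(
    r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
    r"/providers/Microsoft\.DevCenter/projects/[^/]+$",
    re.IGNORECASE,
)

def audit(assignments):
    """Return (principal, role, finding) tuples for assignments worth reviewing."""
    findings = []
    for a in assignments:
        role = a.get("roleDefinitionName")
        if role not in DEVCENTER_ROLES:
            continue  # only the two built-in DevCenter roles are in scope here
        who = a.get("principalName") or a.get("principalId", "?")
        scope = a.get("scope", "")
        if not PROJECT_SCOPE.match(scope):
            # A parent-scope assignment is inherited by every project beneath it.
            findings.append((who, role, "scope is not a project: " + scope))
        if a.get("principalType") == "User" and "#EXT#" in who.upper():
            # Guest UPNs carry the #EXT# marker; Dev Box does not support guests.
            findings.append((who, role, "guest account (unsupported)"))
    return findings

# Constructed sample records, not real tenant output.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
PROJECT = SUB + "/resourceGroups/rg-devbox/providers/Microsoft.DevCenter/projects/team-a"
SAMPLE = [
    {"principalName": "alice@contoso.com", "principalType": "User",
     "roleDefinitionName": "DevCenter Dev Box User", "scope": PROJECT},
    {"principalName": "dev-team-all", "principalType": "Group",
     "roleDefinitionName": "DevCenter Dev Box User",
     "scope": SUB + "/resourceGroups/rg-devbox"},
    {"principalName": "partner_fabrikam.com#EXT#@contoso.onmicrosoft.com",
     "principalType": "User",
     "roleDefinitionName": "DevCenter Project Admin", "scope": PROJECT},
    {"principalName": "bob@contoso.com", "principalType": "User",
     "roleDefinitionName": "Contributor", "scope": SUB},
]

if __name__ == "__main__":
    for who, role, finding in audit(SAMPLE):
        print(f"{who:52} {role:24} {finding}")
```
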

Clean up resources

If you created test role assignments that you no longer need:

  1. In the project's Access control (IAM) pane, locate the role assignment.
  2. Select Remove and confirm.