Deep into the Azure rabbit hole • DEVCLASS





Microsoft’s Dev Box offer, preconfigured Windows VMs designed to enable developers to work on remote machines, is now in preview.

Welcome to your dev box – though unfortunately our dev box creation failed

We tried the preview and it is a complex and intricate process which may put off those wanting a quick trial, requiring Azure and Microsoft platform management knowledge and featuring licensing complexity, though for those that persevere the company is offering 15 hours of an 8vCPU VM with 32GB RAM and 512GB SSD for free each month. Beyond that, “organizations are charged on a per-hour basis depending on the number of [hours of] Compute and Storage that are consumed,” states the post.

The Dev Box notion has some merit. VMs in the cloud are more manageable and arguably more secure than a PC on a developer’s desk. If a VM is compromised – perhaps because a desperate developer made an unwise download when trying to solve a problem – the VM can easily be deleted and replaced. An organization can pre-configure a VM with all the developer tools and utilities required, speeding up the onboarding process for new members of the team.

How then do you set up a Dev Box? For the developer it is pretty simple. Sign into the DevBox portal, click Add dev box, select an image type if more than one is on offer, and click Add (yes, a developer may have more than one). The main disappointment is the warning that says “Dev box creation can take 30-90 minutes.”

Why does it take so long to provision a VM, which most cloud platforms including Azure can normally accomplish in a few minutes? This is not clear.

Patience required

Before the developer gets to wait though, Administrators have the task of setting up the Dev Box system behind the scenes. To the uninitiated, this may feel a little like one of those adventure games where you cannot open the door until you get the key that is in the hut on the island and the real first task is to bribe the ferryman. In this case, sign into the Azure portal, and create a Dev Box Dev Center, specifying the Azure region. Next, create a project, used to “organize deployed environments,” and optionally configure identity management “used by the service to perform deployments on behalf of the developers.”

Once a project exists, set project access, and add a dev box pool.

Creating a dev box pool: licensing is complex and not well explained

The dev box pool is critical since this is where dev boxes themselves are managed. A dev box pool requires a dev box definition, which must be pref-configured before creating the pool, and a network connection, same again. It is also necessary to check a box that states “I confirm that my organization has Azure Hybrid Benefit licenses, which will apply to all dev boxes in the pool.” A “learn more” link dumps admins into an article called “How to deploy Windows 10 on Azure” with a list of 365 qualifying subscriptions and no reference to Azure Hybrid benefits other than in the context of Windows Server images. Quick summary: organizations with the right kind of 365 subscription are probably covered, but check with a Microsoft licensing expert.

Despite the scary warning, it might be possible to set up a dev box for an external user under the new rules for external users described here – but do not take our word for it.

The network connection bit can be tiresome. In our case, we created a new virtual network (there are options for both Azure Active Directory join and hybrid domain join via Azure AD connect) but saw a warning when configuring the dev box pool. The warning was “The Intune has a default Windows platform restriction policy, it may block you from provisioning. Please allow the Windows platform in the Intune default enrollment policy.” We headed to Intune to fix this, but although our user has the Intune Administrator role, trying to access Enrollment Device Restrictions brings up a 403 error so something is not quite right.

Behind this issue is the feature that states “Dev boxes are automatically enrolled in Intune. Use Microsoft Endpoint Manager portal to manage the dev boxes just like any other device on the network.” A useful feature but arguably better an an option than as a requirement.

Despite the above, we were able to sign into the Dev Box portal and ad a VM. It said “Creating…” for a long time but eventually failed with a message “There is delay for Intune license to take effect.” In fairness, this is a preview.

15 hours a month per organization will not last long, so what will this cost? Microsoft told us that “On pricing, Microsoft does not have anything to share beyond public preview period.” In the end, it is just an Azure VM. The cost may be in line with Windows 365 pricing in the case where users are already licensed for Windows, which for a VM of a similar spec to the 15 hour offer is currently £134.60 per user/month (c $163), for business users. Note that a dev box is a personal desktop so cannot be shared with other developers. It is possible that admins may find a way to shut down the VMs out of hours, which would be a substantial saving, but the documentation is not clear on this point.

Despite the headaches, this is a service that could work well for Microsoft-platform enterprises for whom Microsoft’s hybrid cloud platform and endpoint management is where they already live, and we may discover that licensing is cheaper on Azure than elsewhere thanks to Microsoft’s including 365 licensing. Outsiders though may have questions like, where is the Linux desktop option? And why the necessity for Intune?

The answer perhaps is that other lighter weight remote development solutions like GitHub Codespaces exist, which are not the same thing but meet some of the same needs. There are also other routes to a full-fat Windows solution, including Windows 365, or even Windows 11 on AWS.




Leave a Reply

Your email address will not be published.