As organizations scale their development efforts, managing access to cloud resources becomes critical. Platform engineers need to strike a balance between enforcing governance and enabling developer agility. At Build 2025, we announced the general availability of project policies in Microsoft Dev Box, which provides a powerful way to improve resource control and governance for cloud development environments while boosting security and compliance.

What are project policies?

With project policies, platform engineers can set guardrails on a per-project basis, to ensure that each project has access only to the necessary resources. At any point, a project will have one policy applied to it, and a new dev box will be created with resources allowed by the policy, ensuring that they can only access the permitted resources.

How to configure project policies—default vs custom

Project policies allow you to manage three key Dev Center resources: SKUs, Images, and Network Connections.

To get started with project policies, follow these steps: 

1. Create a “Default” Policy  
   • Choose the resources—SKUs, images, and network connections—that you want to be available for all projects in the Dev Center. Once the policy is created, it is applied to all current and future projects.  
   • While choosing the resources—SKUs, images, and network connections you can either choose “allow all current and future resources,” ” no resources allowed,” or “select a specific resource or group of resources” 
2. Or create custom policies if you have specific resource requirements for specific projects
   • Custom policy lets you manage project specifications.  
   • Custom policies will supersede the default policy, and only the resources allowed in the custom policy will be available. This ensures that there is a clear way to know the resources for each project in the Dev Center.

List of all the Project Policies 

To view all the policies in the dev center, click on the main project policy blade. This will list the detail and status of all the policies.

Managing multiple project policies 

When setting up project policies for multiple projects, you have several options to consider:

1. For projects with identical needs, a single custom policy can be created and applied to multiple projects. This approach allows governance of these projects with one policy. For example, project1, project2, and project5 have identical needs, and a single policy is configured to manage all three projects.
2. For projects with different resource requirements, a custom policy needs to be created for each specific project. For example, project6 requires a 32vCPU and a different base image than the other projects. Similarly, project3 and project4 have specific needs that are not part of the default policy. In such cases, multiple custom policies can be defined.

Each project will have one policy applied at any given time. Upon creation, a project is assigned the default policy. If the default policy does not meet the project’s requirements, a custom policy can be applied. In such cases, the custom policy will replace the default policy. After the project policies are established, new development boxes will only be able to access the network connections, images, and SKUs permitted by the policy.

Applying project policies may impact the pool’s health if the pool utilizes resources that are restricted by the policy. This restriction will prevent the creation of new development boxes in the affected pool. However, existing development boxes will continue to function without any issues.

Get started today

• To learn more about project policies, you can visit: Enforce Governance with project policies in Microsoft Dev Box – Microsoft Dev Box | Microsoft Learn.
• Try Dev Box today! Start here 
• We value your feedback, please share your thoughts with us here