Reference implementation for Azure Dev Box: Bicep-based platform + image factory (Packer) + Dev Center/Project provisioning with CI/CD guardrails.

Rothgnaar/Azure-devbox-reference

Azure Dev Box reference implementation (Bicep + Packer)

Public, reusable reference implementation for deploying an Azure Dev Box environment with:

  • Bicep for the platform and Dev Center layer
  • Packer for building and publishing a Windows 11 base image into Azure Compute Gallery (ACG)
  • sample Azure DevOps pipelines (What-If + Deploy)

This repo is intentionally prepared for portfolio/public sharing: it contains placeholders only (no customer identifiers, no git history, no secrets).


What this demonstrates

  • Three-layer design (foundation → image factory → dev boxes)
  • Multi-region ready (primary + secondary pattern)
  • Network flexibility: deploy into a new VNet or attach to an existing subnet
  • A pragmatic CI/CD flow: validate/what-if first, then deploy
  • Opinionated operational notes: image lifecycle, Intune onboarding, cost & governance

If you want the deeper design write-up, start with: docs/HLD.md.

Suggested reading order:

  1. docs/PORTFOLIO.md — what this repo is meant to showcase
  2. docs/ARCHITECTURE-AT-A-GLANCE.md — short architecture + sequence diagram
  3. docs/HLD.md — full design
  4. docs/BestPractices.md — governance/operations notes
  5. docs/DEPLOYMENT.md — step-by-step deployment

Architecture (high level)

flowchart TB
  subgraph Operator["Operator / Pipeline Agent"]
    Packer["Packer build"]
    Scripts["Deploy scripts"]
  end

  subgraph Azure["Azure Subscription"]
    subgraph Platform["Part 1: Platform foundation"]
      VNet["VNet + Subnet (+ NSG/UDR optional)"]
      ACG["Azure Compute Gallery"]
      Shared["Shared services (e.g., Log Analytics, KV - optional)"]
    end

    subgraph Image["Part 2: Image pipeline"]
      BuildRG["Temporary build RG"]
      Win11["Windows 11 base image"]
    end

    subgraph DevCenter["Part 3: Dev Center"]
      DC["Dev Center"]
      NC["Network Connection"]
      Proj["Project"]
      Defs["Dev Box Definitions"]
      Pools["Pools (light/standard/heavy)"]
      DevBoxes["Dev Boxes"]
    end
  end

  Scripts -->|"deploy"| Platform
  Packer -->|"build VM in"| BuildRG
  BuildRG -->|"publish"| ACG
  ACG -->|"image reference"| Defs
  VNet --> NC
  NC --> Pools
  Pools --> DevBoxes

Repository layout

Path                     Purpose
bicep/part1-platform     subscription-scope foundation (RGs, networking, ACG, shared services)
bicep/part2-image        Packer image build (Windows 11 base → ACG)
bicep/part3-devcenter    Dev Center, Project, Definitions, Pools
pipelines                sample Azure DevOps pipelines (what-if + deploy)
scripts                  helper PowerShell scripts for local runs
docs                     HLD, best practices, platform overview, deployment notes

Prerequisites

Tools (local runs):

  • Azure CLI (az) + an authenticated session
  • PowerShell 7+ (recommended)
  • Bicep CLI (usually via Azure CLI)
  • Packer 1.9+ (for Part 2)

Typical permissions (minimum):

  • Ability to deploy resource groups and subscription-scope resources in the target subscription
  • Permissions required by Azure Dev Center resources (Dev Center / Project / Pools)
  • Permissions to create and publish images to Azure Compute Gallery

If your org has strict RBAC / Policy constraints, run What-If first and align required roles with your cloud governance team.

Quick start (local, PowerShell)

Note: All IDs and names in this repo are placeholders. Replace them with values from your own Azure environment.

  1. Login and select subscription:
       az login
       az account set --subscription "<SUBSCRIPTION_ID>"
  2. Deploy Part 1 (platform foundation):
       ./scripts/deploy-part1.ps1 -SubscriptionId "<SUBSCRIPTION_ID>" -Location "westeurope" -ParamFile "./bicep/part1-platform/parameters.we.json"
  3. Build Part 2 image (Packer → ACG):
       cd ./bicep/part2-image
       ./build-we.ps1
  4. Deploy Part 3 (Dev Center + Project + Pools):
       ./scripts/deploy-part3.ps1 -SubscriptionId "<SUBSCRIPTION_ID>" -Location "westeurope" -ParamFile "./bicep/part3-devcenter/parameters.we.json"

CI/CD flow (Azure DevOps)

Pipelines in pipelines/ follow a simple pattern:

flowchart LR
  A[Validate] --> B[What-If]
  B --> C{Manual approval?}
  C -->|yes| D[Deploy]
  C -->|no| D

You must replace REPLACE-WITH-SERVICE-CONNECTION with your Service Connection name.

If you want a fully documented runbook, see: docs/DEPLOYMENT.md.
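
One way to drive the "Manual approval?" decision in the flow above from the What-If result, as an added example (not code from this repository or its pipelines). It assumes input in the JSON shape printed by `az deployment sub what-if --no-pretty-print`; the sample result, the resource names and the block/review policy are constructed for illustration.

```python
import json
from collections import Counter

# Policy for this example: deletions stop the run; changes to network or
# gallery resources go to a human; everything else may deploy unattended.
BLOCKING = {"Delete"}
REVIEW_MARKERS = ("/providers/microsoft.network/", "/providers/microsoft.compute/galleries/")

_RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
# Constructed sample in the assumed shape of the what-if JSON output.
SAMPLE = json.dumps({"status": "Succeeded", "changes": [
    {"changeType": "Create", "resourceId": _RG + "/providers/Microsoft.DevCenter/devcenters/dc-example"},
    {"changeType": "Modify", "resourceId": _RG + "/providers/Microsoft.Network/virtualNetworks/vnet-example"},
    {"changeType": "NoChange", "resourceId": _RG + "/providers/Microsoft.Compute/galleries/acgexample"},
    {"changeType": "Delete", "resourceId": _RG + "/providers/Microsoft.Network/networkSecurityGroups/nsg-example"},
]})


def evaluate(whatif_json):
    """Return (decision, counts, findings) for one what-if result."""
    result = json.loads(whatif_json)
    # A what-if run that did not succeed tells us nothing, so fail closed.
    if result.get("status") != "Succeeded":
        return "block", {}, [("block", "WhatIfFailed", str(result.get("status")))]
    changes = result.get("changes") or []
    counts = Counter(c["changeType"] for c in changes)
    findings = []
    for c in changes:
        kind, rid = c["changeType"], c["resourceId"]
        if kind in BLOCKING:
            findings.append(("block", kind, rid))
        elif kind == "Modify" and any(m in rid.lower() for m in REVIEW_MARKERS):
            findings.append(("review", kind, rid))
    if any(level == "block" for level, _, _ in findings):
        decision = "block"
    elif findings:
        decision = "manual-approval"
    else:
        decision = "auto-deploy"
    return decision, dict(counts), findings


if __name__ == "__main__":
    decision, counts, findings = evaluate(SAMPLE)
    print(decision, counts)
    for level, kind, rid in findings:
        print(f"  [{level}] {kind}: {rid}")
    raise SystemExit(1 if decision == "block" else 0)
```

A pipeline step can pipe the What-If JSON into `evaluate` and use the exit code to stop before the Deploy stage.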


Deployment modes

Two common patterns are supported:

  1. Greenfield / lab: create VNet + subnet in Part 1, then attach Dev Center to that network.
  2. Enterprise / existing network: provide an existingSubnetId in Part 3 parameters and deploy Dev Boxes into a pre-created subnet.

Details: docs/DevBox-Platform-Overview.md and docs/BestPractices.md.


Security & hygiene

  • No secrets are stored in this repository.
  • Do not commit real environment IDs, addresses, or tenant details.
  • See SECURITY.md for guidance.
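
A pre-commit style check for the placeholder-only rule above, as an added example (not part of this repository). It flags non-placeholder GUIDs, publicly routable IPv4 addresses and `onmicrosoft.com` tenant domains; the sample parameter file is constructed, and every parameter name in it except `existingSubnetId` is hypothetical.

```python
import ipaddress
import re

GUID = re.compile(r"\b[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\b", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
TENANT = re.compile(r"\b[a-z0-9-]+\.onmicrosoft\.com\b", re.I)
# GUIDs accepted as placeholders (assumption: the all-zero GUID only).
PLACEHOLDER_GUIDS = {"00000000-0000-0000-0000-000000000000"}

# Constructed sample parameter file; all values are made up.
SAMPLE_PARAMS = """\
{
  "location": {"value": "westeurope"},
  "tenantId": {"value": "00000000-0000-0000-0000-000000000000"},
  "vnetAddressPrefix": {"value": "10.10.0.0/16"},
  "existingSubnetId": {"value": "/subscriptions/3f2b8c1e-7a4d-4e9b-9c1a-5d6e7f8a9b0c/resourceGroups/rg-net"},
  "dnsServer": {"value": "20.50.2.1"},
  "ownerUpn": {"value": "admin@examplecorp.onmicrosoft.com"}
}
"""


def _is_public(addr):
    """True only for syntactically valid, globally routable addresses."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False


def scan(text):
    """Return (line_number, kind, value) for each suspected real identifier."""
    findings = []
    for no, line in enumerate(text.splitlines(), start=1):
        for guid in GUID.findall(line):
            if guid.lower() not in PLACEHOLDER_GUIDS:
                findings.append((no, "guid", guid))
        for ip in IPV4.findall(line):
            if _is_public(ip):  # private and documentation ranges pass
                findings.append((no, "public-ip", ip))
        for domain in TENANT.findall(line):
            findings.append((no, "tenant-domain", domain))
    return findings


if __name__ == "__main__":
    for no, kind, value in scan(SAMPLE_PARAMS):
        print(f"line {no}: {kind}: {value}")
```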

Portfolio note

This repository is published as a reference implementation. It intentionally avoids customer specifics and uses placeholders throughout.


License

MIT — see LICENSE.
