Azure Sandbox is a collection of interdependent cloud computing configurations for implementing common Azure services on a single subscription. This collection provides a flexible and cost-effective sandbox environment for experimenting with Azure services and capabilities.
Depending on your Azure offer type and region, a fully provisioned Azure Sandbox environment can be expensive to run. You can reduce costs by stopping or deallocating virtual machines (VMs) when not in use, or by skipping optional configurations that you don't plan to use.
Architecture
Download a Visio file of this architecture.
Components
You can deploy all the following sandbox configurations, or just the ones you need.
- Shared services virtual network, Azure Bastion, and Active Directory domain controller
- Application virtual network, Windows Server jump box, Linux jump box, and Azure Files share
- SQL Server on Azure Virtual Machines
- Azure SQL Database
- Azure Database for MySQL Flexible Server
- Azure Virtual WAN and point-to-site VPN
Deploy the sandbox
The Azure Sandbox environment requires the following prerequisites:
- A Microsoft Entra ID tenant
- An Azure subscription
- The appropriate Azure role-based access control (RBAC) role assignments
- A service principal
- A configured client environment
For more information about how to prepare for a sandbox deployment, see Prerequisites.
To integrate Azure Sandbox with an Azure landing zone, consider doing the following:
- Place the sandbox subscription in the Sandboxes management group.
- Keep the sandbox isolated from your private network.
- Audit sandbox subscription activity.
- Limit sandbox access, and remove access when it is no longer required.
- Decommission sandboxes after an expiration period to control costs.
- Create a budget on sandbox subscriptions to control costs.
See Landing zone sandbox environments for more information.
To deploy Azure Sandbox, go to the AzureSandbox GitHub repository and begin with Getting started. See Default Sandbox Deployment to deploy your Azure Sandbox environment. For more information, see Known issues.
Use cases
A sandbox is ideal for accelerating Azure projects. After you deploy your sandbox environment, you can add services and capabilities. You can use the sandbox for activities like:
- Self-learning
- Hackathons
- Testing
- Development
Important
Azure Sandbox isn't intended for production use. The deployment uses some best practices, but others intentionally aren't used in favor of simplicity and cost.
Capabilities
Have you ever wanted to experiment with a particular Azure service or capability, but were blocked by all the foundational prerequisites? A sandbox environment can accelerate your project by provisioning many of the mundane core infrastructure components. You can focus on just the services or capabilities you need to work with.
For example, you can use the following capabilities and configurations that the Azure Sandbox environment provides:
- Connect to a Windows jump box VM from the internet.
  - Option 1: Internet-facing access by using a web browser and Azure Bastion
  - Option 2: Point-to-site VPN connectivity via Azure Virtual WAN
- Use a preconfigured Active Directory Domain Services local domain as a domain administrator.
  - Preconfigured integrated DNS server
  - Preconfigured integration with Azure private DNS zones
  - Preconfigured integration with Azure Private Link private endpoints
- Use an Azure Files preconfigured file share.
- Use a Windows jump box VM as a developer workstation.
  - Domain joined to local domain
  - Administer Active Directory and DNS with preinstalled Windows Server Remote Server Administration Tools
  - Visual Studio Code preinstalled with Remote-SSH into a Linux jump box
  - Azure Storage Explorer, AzCopy, and Azure Data Studio preinstalled
  - SQL Server Management Studio preinstalled
  - MySQL Workbench preinstalled
- Use a Linux jump box VM as a DevOps agent.
  - Domain joined to local domain using Winbind
  - Azure CLI, PowerShell, and Terraform preinstalled
  - Dynamic CIFS mount to Azure Files preconfigured file share
- Use a preconfigured SQL Server VM.
  - Domain joined to local domain
- Use a preconfigured Azure SQL database or Azure Database for MySQL Flexible Server through private endpoints.
Contributors
This article is maintained by Microsoft. It was originally written by the following contributor.
Principal author:
Next steps
- Develop and test on Azure
- Microsoft Cloud Adoption Framework
- Cloud Adoption Framework Azure setup guide
- Microsoft Azure Well-Architected Framework