Create and configure a project by using the Azure CLI

This quickstart shows you how to create a project in Azure Deployment Environments. Then, you associate the project with the dev center you created in Quickstart: Create and configure a dev center.

A platform engineering team typically creates projects and provides project access to development teams. Development teams then create environments by using environment definitions, connect to individual resources, and deploy applications.


  • An Azure account with an active subscription. Create an account for free.
  • Azure role-based access control role with permissions to create and manage resources in the subscription, such as Contributor or Owner.

Create a project

To create a project in your dev center:

  1. Sign in to the Azure CLI:

    az login
  2. Install the Azure Dev Center extension for the CLI.

    az extension add --name devcenter --upgrade
  3. Configure the default subscription as the subscription where your dev center resides:

    az account set --subscription <name>
  4. Configure the default resource group as the resource group where your dev center resides:

    az configure --defaults group=<name>
  5. Configure the default location as the location where your dev center resides. Location of project must match the location of dev center:

    az configure --defaults location=eastus
  6. Retrieve dev center resource ID:

    DEVCID=$(az devcenter admin devcenter show -n <devcenter name> --query id -o tsv)
    echo $DEVCID
  7. Create project in dev center:

    az devcenter admin project create -n <project name> \
    --description "My first project." \
    --dev-center-id $DEVCID
  8. Confirm that the project was successfully created:

    az devcenter admin project show -n <project name>

Assign a managed identity the owner role to the subscription

Before you can create environment types, you must give the managed identity that represents your dev center access to the subscriptions where you configure the project environment types.

In this quickstart, you assign the Owner role to the system-assigned managed identity that you configured previously: Attach a system-assigned managed identity.

  1. Retrieve Subscription ID:

    SUBID=$(az account show -n <name> --query id -o tsv)
    echo $SUBID
  2. Retrieve Object ID of Dev Center's Identity using name of dev center resource:

    OID=$(az ad sp list --display-name <devcenter name> --query [].id -o tsv)
    echo $SUBID
  3. Assign dev center the Role of Owner on the Subscription:

    az role assignment create --assignee $OID \
    --role "Owner" \
    --scope "/subscriptions/$SUBID"

Configure a project

To configure a project, add a project environment type:

  1. Retrieve Role ID for the Owner of Subscription

    # Remove group default scope for next command. Leave blank for group.
    az configure --defaults group=
    ROID=$(az role definition list -n "Owner" --scope /subscriptions/$SUBID --query [].name -o tsv)
    echo $ROID
    # Set default resource group again
    az configure --defaults group=<group name>
  2. Show allowed environment type for project:

    az devcenter admin project-allowed-environment-type list --project <project name> --query [].name
  3. Choose an environment type and create it for the project:

    az devcenter admin project-environment-type create -n <available env type> \
    --project <project name> \
    --identity-type "SystemAssigned" \
    --roles "{\"${ROID}\":{}}" \
    --deployment-target-id "/subscriptions/${SUBID}" \
    --status Enabled


At least one identity (system-assigned or user-assigned) must be enabled for deployment identity. The identity is used to perform the environment deployment on behalf of the developer. Additionally, the identity attached to the dev center should be assigned the Owner role for access to the deployment subscription for each environment type.

Assign environment access

In this quickstart, you give access to your own ID. Optionally, you can replace the value of --assignee for the following commands with another member's object ID.

  1. Retrieve your own Object ID:

    MYOID=$(az ad signed-in-user show --query id -o tsv)
    echo $MYOID
  2. Assign admin access:

    az role assignment create --assignee $MYOID \
    --role "DevCenter Project Admin" \
    --scope "/subscriptions/$SUBID"
  3. Optionally, you can assign Dev Environment User:

    az role assignment create --assignee $MYOID \
    --role "Deployment Environments User" \
    --scope "/subscriptions/$SUBID"


Only a user who has the Deployment Environments User role, the DevCenter Project Admin role, or a built-in role that has appropriate permissions can create an environment.

Next steps

In this quickstart, you created a project and granted project access to your development team. To learn about how your development team members can create environments, advance to the next quickstart.