Solution Atlas
SpecialisedUser storyConsultative playbook

New engineers spend their first week fighting their laptops

A platform engineering team wants to standardise developer environments across permanent staff and contractors. Today, onboarding takes 3–5 days of laptop setup, and image drift produces a long tail of "works on my machine" tickets.

Trigger
High contractor turnover; engineering productivity bottleneck.
Good outcome
Dev Box images per project, GitHub Enterprise repos, Entra ID-based access, Conditional Access enforced.
Diagnostic discovery

Signals this story fits

Observable cues that confirm the conversation belongs here.

  • ·Engineering onboarding takes 3–5 days of laptop setup
  • ·High contractor turnover; provisioning friction
  • ·Image drift produces "works on my machine" tickets
  • ·Plurality of developer OS / hardware combinations
  • ·Security flags on contractor BYOD

Questions to ask

Open-ended, SPIN-style — each one has a reason it matters.

  1. 1.How long does a new engineer take to ship their first commit today?

    WhySurfaces the productivity gap quantitatively.

  2. 2.How many contractor laptops are in your estate?

    WhyOften the most-painful provisioning slice. Dev Box plus identity replaces hardware logistics.

  3. 3.What's the image-management story today — golden images, no images, per-team?

    WhyDetermines platform-team load for moving to Dev Box.

  4. 4.How does Conditional Access apply to developer workstations?

    WhyDev Box requires Entra ID P1; surfaces baseline identity posture.

  5. 5.What source control platform are you on — GitHub, Azure DevOps, Bitbucket?

    WhyDetermines whether GitHub Enterprise is a parallel rollout or a migration.

  6. 6.What does developer offboarding look like today, and how long does it take?

    WhyDev Box + Entra removes the laptop-collection problem entirely.

Baseline → target architecture

TOGAF-style gap framing — what we typically see today, and what the proposed end state looks like. The gap between them is the engagement.

Baseline architecture

Engineer-managed laptops with image drift over time. Contractor mix of BYOD and loaner devices. Source control mixed (Azure DevOps and GitHub). Entra ID P1 partial. Onboarding includes laptop provisioning, role assignment, software installation, and access request flows.

Typical concerns

  • ·Slow onboarding (3–5 days) hurting time-to-first-commit
  • ·Image drift causing intermittent build failures
  • ·Contractor laptops outside the security perimeter
  • ·Offboarding leakage — laptops not returned
  • ·High helpdesk load for image-related issues

Capability gaps

  • ·Project-curated developer workstation images
  • ·SSO into source control
  • ·Conditional Access for developer workstations
  • ·Cost discipline on developer compute
  • ·Image authoring as a platform-team practice
Target architecture

Microsoft Dev Box per project with curated images authored by the platform team. GitHub Enterprise Cloud as the source-control surface with Entra ID SSO. Conditional Access enforced for Dev Box access. Auto-shutdown and stop-on-disconnect policies for cost discipline. Contractors provisioned in hours, offboarded in minutes.

Key capabilities

  • Project-scoped developer workstations
  • SSO into source control
  • Centralised image management
  • Conditional Access for developer access
  • Auto-shutdown for cost control

Enabling SKUs

Resolved in the ‘Recommended cards’ section below.

Architecture decisions

Each decision is offered as explicit options with trade-offs — Hohpe's “selling options” principle. A safe default is noted where one exists.

  1. Decision 1.Developer workstation strategy — Dev Box, Cloud PC, or traditional laptops

    Dev Box

    When it fitsEngineering-focused; image variety per project; need fast onboarding.

    Trade-offsPer-user hourly cost; auto-shutdown discipline required.

    Cloud PC / Windows 365

    When it fitsGeneral office workers with consistent needs.

    Trade-offsLess engineering-friendly tooling.

    Traditional laptops

    When it fitsLatency-sensitive workflows; offline work mandatory.

    Trade-offsImage drift; provisioning logistics.

    Default recommendationDev Box for engineering teams; traditional laptops only where offline work is mandatory.

  2. Decision 2.Source control — migrate to GitHub Enterprise or stay on Azure DevOps

    Migrate to GitHub Enterprise

    When it fitsModern Copilot integration; community familiarity; strategic Microsoft direction.

    Trade-offsMigration cost; ADO Pipelines users learning GitHub Actions.

    Stay on Azure DevOps

    When it fitsStrong existing ADO investment; ADO-specific tooling.

    Trade-offsLess Copilot integration; smaller ecosystem.

    Default recommendationMigrate to GitHub Enterprise for new projects; sunset ADO over 12–18 months.

  3. Decision 3.Image authoring — platform team vs per-project

    Platform team

    When it fitsStronger central platform discipline; consistency prioritised.

    Trade-offsPlatform team becomes a bottleneck for new project needs.

    Per-project

    When it fitsStrong engineering culture; trust in teams to maintain their own.

    Trade-offsImage drift across projects; harder to enforce baseline.

    Default recommendationPlatform team owns the base; project teams extend via overlay templates.

Low-risk trial — proof of value

30-day Dev Box pilot for one engineering team

4 weeks

Provision Dev Box for 12 engineers on one team. Author the project base image. GitHub Enterprise repos with Entra ID SSO. Conditional Access policies. Auto-shutdown + stop-on-disconnect. Measure time-to-first-commit and image-drift tickets.

Success criteria

  • Time-to-first-commit measured before and after — improvement of 50%+
  • Zero image-drift tickets during the trial window
  • 12/12 engineers active on Dev Box at week 4
  • Helpdesk load for the trial team flat or down vs baseline

InvestmentDev Box ~€45/user/month + GitHub Enterprise per-user. Existing laptops untouched during trial.

Proof metrics

  • ·Time-to-first-commit improvement 50%+
  • ·Contractor onboarding time reduced from days to hours
  • ·Image-drift helpdesk tickets eliminated
  • ·Cost per active developer measured and budgeted

Recommended cards

The SKUs and capabilities most likely to be part of the solution, with the editorial rationale for each in the context of this story. Add the ones that fit your situation.

Why for this story

Cloud developer workstations — standardised, fast onboarding, central governance. Auto-shutdown and stop-on-disconnect are the cost control levers.

Why for this story

Source control with Entra ID SSO and Copilot integration. The default developer surface for new projects.

Why for this story

Conditional Access for developer workstations + SSO for GitHub. The identity guardrail beneath the platform.

Back to Internal developer platform