The Azure cloud sandbox provides a real, open Azure environment where you can learn through hands-on practice. This article details levels of support, limits, and restrictions to Azure services in the sandbox. See Cloud sandboxes: getting started for instructions on using the sandbox.
Tip: See our AI sandboxes article for a list of supported services in the Azure AI cloud sandbox.
In this article
Global restrictions
The Azure cloud sandbox is compatible with a variety of tools and services within Azure. While we strive to offer you the most comprehensive training opportunity possible, there are some limits to what we can provide in a sandbox environment.
We enforce the following restrictions on our Azure sandbox. If you don’t have access to perform an action in the sandbox, you’ll be notified according to our Hands-on playground and labs abuse protocol.
Regions
Actions in the Azure cloud sandbox are restricted to the following:
North America | Asia | Other |
---|---|---|
|
|
|
Resource groups
The Azure cloud sandbox does not include the option to create additional resource groups—whether directly or through services that automatically generate separate resource groups, such as Network Watcher.
Billing
Users cannot purchase anything, including from the Azure marketplace, or access billing or cost information.
Authorization
- Cannot elevate access
- Cannot create or modify role definitions or assignments
Other blocked functionality
- Add-ons
- Management groups
- SaaS subscriptions
Supported Azure services
Reference the table below to determine whether an Azure service is supported in the sandbox and to see additional limits and restrictions.
Note: This list is subject to change. We reserve the right to add, remove, or modify support for cloud services at any time.
Service name | Level of support |
---|---|
AI and Machine Learning services | |
Autonomous Systems | Not supported |
Azure Bot Service | Supported |
Cognitive Services |
Conditionally supported:
Note: This includes many older Azure services that have been deprecated and re-released as sub-services. |
Enterprise Knowledge Graph |
Not supported |
Azure Machine Learning |
Conditionally supported:
|
Azure AI Search |
Conditionally supported:
|
Analytics services | |
Azure Analysis Services | Supported |
Azure Databricks | Not supported |
Data Catalog | Not supported |
Data Factory | Supported |
Data Lake Analytics | Supported |
Azure Data Lake Storage Gen2 | Supported |
Azure Data Share | Supported |
HDInsight | Not supported |
Azure Data Explorer | Supported |
Power BI | Supported |
Power BI Embedded | Supported |
Microsoft Purview | Supported |
Azure Stream Analytics |
Conditionally supported:
|
Azure Synapse Analytics |
Conditionally supported:
|
Blockchain services | |
Azure Blockchain | Not supported |
Azure Blockchain Tokens | |
Compute services | |
Azure Spring Apps | Not supported |
Azure VMware Solution | Not supported |
Batch | Supported |
Classic deployment model virtual machine | Not supported |
Virtual Machines |
Conditionally supported: Limits
Restrictions
|
Virtual Machine Scale Sets |
Conditionally supported:
|
Azure DevTestLabs | Supported |
Azure Virtual Desktop | Not supported |
Azure Lab Services | Not supported |
SAP HANA on Azure Large Instances | Supported |
Azure Maintenance | Supported |
Azure Quantum | Not supported |
Azure Serial Console for Windows | Supported |
Service Fabric | Supported |
Azure Image Builder | Supported |
Azure VMware Solution by CloudSimple | Not supported |
Azure Cloud Shell | Not supported |
Container services | |
Azure Container Apps | Supported |
Container instances |
Conditionally supported:
|
Container Registry |
Conditionally supported: Limits
Restrictions
|
Azure Kubernetes Service (AKS) |
Conditionally supported: Limits
Restrictions
Note: You may see an error message when using AKS in labs and sandboxes. You can ignore the message and still use the service with this restriction. |
Azure Red Hat OpenShift | Not supported |
Database services | |
Azure Cache for Redis | Not supported |
Azure Database for MariaDB | Supported |
Azure Database for MySQL | Supported |
Azure Database for PostgreSQL | Supported |
Azure Cosmos DB |
Conditionally supported:
|
Azure SQL Database |
Conditionally supported: Limits
Restrictions
|
SQL Server on Azure Virtual Machines | Supported |
SQL Server enabled by Azure Arc | Not supported |
Azure SQL Managed Instance |
Not supported due to length of time needed to provision, update, or delete (multiple hours on average)
|
Developer Tools services | |
Azure App Configuration | Supported |
Microsoft Dev Box | Not supported |
Azure Dev Spaces | Not supported |
Azure Spatial Anchors | Supported |
Azure Notebooks | Supported |
DevOps services | |
Azure DevOps | Not supported |
Azure Hybrid services | |
Azure Arc-enabled data services | Not supported |
Azure Stack HCI | Not supported |
Azure Arc-enabled servers | Supported |
Azure Arc-enabled Kubernetes | Not supported |
Azure Arc site manager | Not supported |
Identity services | |
Note: Some of the unsupported identity services below are available in Active Directory-related labs or pre-created resources within labs, but are not available in sandbox environments. |
|
Microsoft Entra Domain Services |
Conditionally supported in AD labs only:
|
Microsoft Entra ID | Not supported |
Microsoft Entra ID B2C | Not supported |
Managed identities for Azure resources | Not supported |
Integration services | |
API Management |
Conditionally supported:
|
Azure Communication Services | Not supported |
Event Grid | Supported |
Event Hubs |
Conditionally supported: Limits
Restrictions
|
Azure API for FHIR | Supported |
Healthcare APIs | Not supported |
Logic Apps | Supported |
Notification Hubs | Supported |
Power Platform | Not supported |
Azure Relay | Supported |
Service Bus | Supported |
IoT services | |
Azure IoT Hub |
Conditionally supported:
|
Device Update for IoT Hub | Not supported |
Azure Digital Twins | Not supported |
Azure IoT Central |
Conditionally supported:
|
Azure Time Series Insights | Supported |
Windows 10 IoT Core Services | Not supported |
Azure IoT Hub Device Provisioning Service | Supported |
Management services | |
Azure Advisor | Supported |
Azure Resource Manager | Supported |
Automation |
Conditionally supported:
|
Cost Management and Billing | Not supported |
Azure Blueprints |
Conditionally supported:
|
Classic deployment model | Not supported |
Azure Custom Providers | Not supported |
Lifecycle Services | Not supported |
Azure Policy | Supported |
Azure Lighthouse | Supported |
Management Groups | Not supported |
Azure Site Recovery |
Conditionally supported:
|
Azure Resource Graph | Not supported |
Azure Service Health | Supported |
Scheduler | Not supported |
Azure Managed Applications | Not supported |
Media services | |
Media Services | Supported |
Migration services | |
Azure Data Box | Not supported |
Azure Stack Edge | |
Azure Database Migration Service | |
Azure Migrate | |
Monitoring services | |
Azure Monitor - Alerts Management | Supported |
Azure Monitor - Change Analysis | Supported |
Azure Monitor - Insights | Supported |
Azure Monitor - Intune | Not supported |
Azure Monitor - Operational Insights | Supported |
Azure Monitor - Operations Management | Supported |
Azure Monitor - Workload Monitor | Not supported |
Network services | |
Content Delivery Network | Supported |
Classic deployment model virtual network | Not supported |
Virtual networks managed by PaaS services | Not supported |
Azure Peering | Supported |
Application Gateway | Supported |
Azure Bastion | Supported |
Azure DDoS Protection | Not supported |
Azure DNS | Supported |
Azure ExpressRoute | Supported |
Azure Firewall |
Conditionally supported:
|
Azure Front Door | Supported |
Azure Private Link | Supported |
Azure Route Server | Supported |
Load Balancer | Supported |
Network Watcher |
Conditionally supported:
Note: Other supported Azure resources that rely on this service will function as long as it doesn't require users to modify anything in the Network Watcher Resource Group itself. |
Traffic Manager | Supported |
Virtual Network |
Conditionally supported:
|
Virtual Network NAT | Supported |
Virtual Network Manager | Supported |
Virtual WAN | Supported |
VPN Gateway | Supported |
Security services | |
Azure Attestation | Supported |
Customer Lockbox for Microsoft Azure | Supported |
Data Protection | Not supported |
Azure Dedicated HSM | Supported |
Microsoft Defender Advanced Threat Protection | Not supported |
Key Vault | Supported |
Security Center | Supported |
Microsoft Sentinel | Supported |
Extended Security Updates | Not supported |
Storage services | |
Classic deployment model storage | Not supported |
Elastic SAN | Not supported |
Azure HPC Cache | Not supported |
Azure Import/Export | Not supported |
Azure NetApp Files | Supported |
Object Store | Not supported |
Storage |
Conditionally supported:
|
StorSimple | Not supported |
Web services | |
App Service |
Conditionally supported:
|
App Service Certificates | Supported |
Bing Maps | Not supported |
Azure Functions | Supported |
Azure Maps | Supported |
Azure SignalRService | Supported |
5G and Space services | |
Network Function Manager | Not supported |
Azure Private 5G Core | |
Azure Orbital Ground Station |
Hands-on playground abuse
We actively monitor the Hands-on playground for abusive, prohibited, or otherwise unacceptable behavior that goes against the educational purpose of these tools. Abuse of the Hands-on playground is enforced by our Hands-on playground and labs abuse protocol to ensure compliance with the Terms of Use (opens in new tab) you agreed to at sign-up.
To avoid workarounds, we don’t provide specifics of what we look for to identify abuse or how we identify it, but a few general examples of misuse and abuse are listed below:
- Incorrect instance type
- 10 or more virtual machines created at a time
- 10 or more vCPU across all virtual machines
- Attempting to use resources for crypto mining
- Excessive network traffic
- DDoS or port scanning external hosts
This list is not comprehensive, so if you have questions, requests, or want to check whether an activity is allowed in the sandbox, contact Support prior to starting the activity.
Learn, have fun, and please respect the playground.