In 2025, the key investment areas for Azure CLI and Azure PowerShell are quality and security. We have also made significant efforts to improve the overall user experience. Meanwhile, AI remains a central theme.
In 2025, the key investment areas for Azure CLI and Azure PowerShell are quality and security. We have also made significant efforts to improve the overall user experience. Meanwhile, AI remains a central theme.
At Microsoft Ignite 2025, we are pleased to announce several new features related to these priorities:
- In terms of security: MFA enforcement
- Azure CLI Upgrade and Python 3.13 Compatibility explanation
- New feature: Azure CLI and Azure PowerShell -What-If and -export bicep parameter
Extending our coverage
We’ve rolled out significant updates across Azure CLI and Azure PowerShell to enhance functionality:
Azure CLI and Azure PowerShell Upgrades
- Services updated: ACR, ACS, AKS, App Config, App Service, ARM, ARO, Backup, Batch, Cloud, Compute, Consumption, Container, Container app, Core, Cosmos DB, Cognitive Services, DMS, Eventhub, HDInsight, Identity, IoT, Key Vault, MySQL, NetAppFiles, Network, Packaging, Profile, RDBMS, Service Fabric, SQL, Storage.
New Extensions for Azure CLI and Azure PowerShell
- Extensions added: arize-ai,connectedmachine,containerapp,lambda-test,migrate,neon,pscloud,sftp,site,storage-blob-preview.
New GA Modules for Azure CLI and Azure PowerShell
- Modules are now generally available: DeviceRegistry, DataMigration, FirmwareAnalysis,LoadTesting,StorageDiscovery , DataTransfer, ArizeAI, Fabric, StorageAction, Oracle
For detailed release notes:
- Azure CLI: https://learn.microsoft.com/cli/azure/release-notes-azure-cli
- Azure PowerShell: https://learn.microsoft.com/powershell/azure/release-notes-azureps
Azure CLI Upgrade and Python 3.13 Compatibility Notes
Azure CLI has been upgraded from version 2.76 to 2.77 primarily to address several security vulnerabilities (CVE), including issues related to remote code execution risks and certificate validation flaws in underlying dependencies, ensuring compliance with the latest security standards.
This upgrade requires Python to move from 3.12 to 3.13, which introduces a significant change:
Python 3.13 enforces stricter SSL verification rules, causing failures for users running behind proxies that intercept HTTPS traffic.
Solution: Update your proxy certificate to comply with strict mode. For instance, Mitmproxy fixed this in version v10.1.2 (reference: https://github.com/Azure/azure-cli/issues/32083#issuecomment-3274196488).
For more Python3.13 details, see What’s New In Python 3.13 .
Handling Claims Challenges for MFA in Azure CLI and Azure PowerShell
Claims challenges appear when ARM begins enforcing MFA requirements. If a user performs create, update, or delete operations without the necessary MFA claims, ARM rejects the request and returns a claims challenge, indicating that higher-level authentication is required before the API call can proceed. This mechanism is designed to ensure sensitive operations are performed only by users who have completed MFA.
The challenge arises because Azure CLI and Azure PowerShell can only acquire MFA claims during the login phase, and only if the user’s account is configured to require MFA. Changing this setting affects all services associated with the account, and many customers are reluctant to enable MFA at the account level. As a result, when a claims challenge occurs, Azure CLI and Azure PowerShell cannot automatically trigger MFA in the same way Azure Portal does.
Azure CLI example:
az login --tenant "aaaabbbb-0000-cccc-1111-dddd2222eeee" --scope "https://management.core.windows.net//.default" --claims-challenge "<claims-challenge-token>"
For more details, see:
Azure CLI: Troubleshooting Azure CLI | Microsoft Learn
Azure PowerShell example:
Connect-AzAccount -Tenant yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyy -Subscription zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzz -ClaimsChallenge <claims-challenge-token>
For more details, see:
Azure PowerShell: Troubleshooting the Az PowerShell module | Microsoft Learn
Advanced cloud analysis capabilities, involving capacity insights or forecasting in Azure CLI
With this update, Azure CLI now uses the latest ARM API version (2022-09-01) for endpoint discovery during cloud registration and updates, replacing the older API versions previously used. This ensures more accurate and up-to-date service endpoints, simplifies the configuration of custom Azure clouds, and improves reliability when retrieving required endpoints. By adopting the new API, Azure CLI stays aligned with the latest Azure platform capabilities, increasing both compatibility and forward-compatibility. As a result, users benefit from more accurate endpoint discovery and improved support for new Azure features and service endpoints as they become available.
For more details about managing cloud environments in Azure CLI, please refer to the official documentation: Azure cloud management with the Azure CLI | Microsoft Learn
Azure PowerShell - Add Pagination Support for 'Invoke-AzRestMethod' via '-Paginate' parameter
Invoke-AzRestMethod is a flexible fallback for calling Azure Management APIs, returning raw HTTP responses from underlying endpoints, but it currently lacks built-in pagination, forcing users to implement custom logic when working with large datasets. Since pagination was not part of the original design, changing the default behavior could break existing scripts that depend on the current response format and nextLink handling. To address this without disruption, we plan to introduce pagination as an optional opt-in feature, enabling users to retrieve complete datasets through server-driven pagination without writing custom code while preserving the current behavior by default for full backward compatibility.
For more details, see the official documentation for Invoke-AzRestMethod: Invoke-AzRestMethod (Az.Accounts) | Microsoft Learn
Introducing Azure CLI and Azure PowerShell -What-If and -export bicep parameter
We’re introducing two new features in both Azure CLI and Azure PowerShell: the What-If and Export Bicep parameters. The What-If parameter gives you an intelligent preview of which resources will be created, updated, or deleted before a command runs, helping you catch issues early and avoid unexpected changes. The Export Bicep parameter generates the corresponding Bicep templates to streamline your infrastructure-as-code workflows. Both features leverage AI to assist with command interpretation and template generation. If you’d like to try these capabilities in Azure CLI and Azure PowerShell, you can sign up through our form.
Please stay tuned for more updates.
Breaking Changes
The latest breaking change guidance documents can be found at the links below. To read more about the breaking changes migration guide, ensure your environment is ready to install the newest version of Azure CLI and Azure PowerShell.
Azure CLI: Release notes & updates – Azure CLI | Microsoft Learn
Azure PowerShell: Migration guide for Az 15.0.0 | Microsoft Learn
Milestone timelines:
Thank you for using the Azure command-line tools. We look forward to continuing to improve your experience. We hope you enjoy Ignite and all the great work released this week. We'd love to hear your feedback, so feel free to reach out anytime.
- GitHub:
o https://github.com/Azure/azure-cli
o https://github.com/Azure/azure-powershell
- Let's be in touch on X (Twitter) : @azureposh @AzureCli
Microsoft