The priority for Azure CLI and Azure PowerShell remains to provide our customers with the most complete, secure, and easy-to-use tools to manage Azure resources.
At Microsoft Build 2024, we are announcing the following new capabilities delivering on our priorities:
- Extending our coverage and commands API version upgrade.
- Improvements in user login experience.
- Security improvements.
- Invested in Copilot in Azure
Extending our coverage
In the past six months, we have added or refreshed coverage for those new or existing Azure services within 30 days of their general availability.
You will see the addition of AzureSphere, AzureMonitor/DataCollectionRule, AzureMonitor/Metricdata, AzureMonitor/ActionGroup, Workloads, Fleet, CustomLocation, EventGrid, Subscription, ContainerApp modules or API upgrades, Azure CLI upgraded or added new commands exceeding 600, Azure PowerShell upgraded or added more than
Note: To use the associated commands, you may need to manually install the Azure CLI extension or the Azure PowerShell module.
For details about all the commands that have been updated, as well as a complete list of great and exciting new features of this release for the Azure client tools, see the release notes of each tool:
- Azure CLI: https://learn.microsoft.com/cli/azure/release-notes-azure-cli
- Azure PowerShell: https://learn.microsoft.com/powershell/azure/release-notes-azureps
Credential detection from Az CLIs outputs
We have been actively working on hardening your defense in depth with secrets awareness in Azure command line tools, please refer to the link for details Hardening your defense in depth with secrets awareness in Azure command line tools - Microsoft Community Hub.
Importance of handling secrets returned by Azure APIs with care, especially when the output of commands is stored in log files. The article from Palo Alto Networks describes a scenario where sensitive information was exposed, which has since been fixed in Azure CLI 2.60.0 and Azure PowerShell 11.6.0 versions.
In Azure CLI 2.61.0 and Azure PowerShell 12.0.0 versions, we have enabled secret detection by default in Local installation, Azure DevOps, GitHub action, and CloudShell. When you upgrade to Azure CLI 2.61.0 and Azure PowerShell 12.0.0, the Client command line tool will detect whether secrets, access tokens, and storage account keys are in your pipeline or logs and display warning messages. This detection has covered most key modules and extensions, such as Compute, Network, and Storage. In the next step, we will further cover the new service module and extension.
To ensure consistency, CLI and PS have added the same environmental parameters:
AZURE_CLIENTS_SHOW_SECRETS_WARNING=True (Default)
New login experience (GA)
In April this year, we released a preview version of the new login experience based on customer feedback of the login experience over the past few months.
In Azure CLI 2.61.0 and Azure PowerShell 12.0.0 version, we set the new login experience as the default and added a login experience selection configuration. Details can be viewed: Announcing a new login experience with Azure PowerShell and Azure CLI
Azure CLI add new environment parameter:
az config set core.login_experience_v2=on (Default)
Azure PowerShell add new environment parameter:
Update-AzConfig - LoginExperienceV2 $On (Default)
Web Account Manager (WAM) by default
Azure CLI and Azure PowerShell announced WAM preview versions in 2023. After a preview period, WAM is now the default authentication mechanism simultaneously with Azure CLI 2.61.0 and Azure PowerShell 12.0.0 . Please refer to the following for details.
Azure CLI: Sign in with Azure CLI using web account manager (WAM) | Microsoft Learn
Azure PowerShell: Sign in to Azure PowerShell interactively | Microsoft Learn
Note:
National Cloud does not currently support WAM, we will implement it in the coming months.
Long Term Support releases (LTS) announcement
Starting from Azure CLI 2.61.0 and Azure PowerShell 12.0.0, Azure CLI and PowerShell will support both Standard Term Support releases (STS) and Long-Term Support releases (LTS). Users can choose the appropriate version according to their project needs. Users can choose to stay in the LTS version for a period, or they can choose to upgrade with the latest version to experience new features. The following document details the definitions of LTS and STS.
Azure CLI support lifecycle: Azure CLI lifecycle and support | Microsoft Learn
Azure PowerShell support lifecycle: Azure PowerShell support lifecycle | Microsoft Learn
In 2023, we added knowledge of Azure CLI commands and end-to-end scenarios to Copilot for Azure to answer questions related to Azure CLI commands or scripts, following our best practices. In the 2024 Build Event, we added knowledge of Azure PowerShell commands and end-to-end solutions.
Over the past 6 months, we have continued to be onboarding the Azure PowerShell knowledge base to Copilot in Azure, and we encourage users to try it out. At the same time, to ensure that the accuracy returned by the command line script is more reliable, we have updated the knowledge base of Azure CLI and PowerShell, and verified the command line or script in the example so that the syntax of the command line displayed to the user is accurate.
We also encourage you to try our new question-skilling experience. When you ask for command line parameters in the question description, Copilot will actively inject the parameter values into the returned command line answer and prompt whether other parameters need to be reassigned. This greatly reduces the need for users to repeatedly edit using the command line. Here is an example:
To learn more about Microsoft Copilot for Azure and how it can help you, visit: https://techcommunity.microsoft.com/t5/azure-infrastructure-blog/simplify-it-management-with-microso...
GitHub Actions for Azure CLI and Azure PowerShell
In the past six months, we put some effort into adding some exciting feature upgrades to GitHub Actions. We've made the following improvements to security and efficiency.
- New Features
- Support Managed Identity Login.
- Support Self-hosted runners.
- Support OIDC login for sovereign clouds
- Support macOS in Azure PowerShell Action.
- Security
- Support pre- and post- cleanup.
- Efficiency
- Reduce the action package size from 80M to 500K+. Self-hosted runner speed has increased by more than 70%.
For details, please refer to the document:
Azure Login · Actions · GitHub Marketplace
Breaking Changes
The latest breaking change guidance documents can be found at the links below. To read more about the breaking changes migration guide, ensure your environment is ready to install the newest version of Azure CLI and Azure PowerShell.
Azure CLI: Release notes & updates – Azure CLI | Microsoft Learn
Azure PowerShell: Migration guide for Az 12.0.0 | Microsoft Learn
Thank you for using the Azure command-line tools. We look forward to continuing to improve your experience. We hope you enjoy Build and all the great work released this week. We'd love to hear your feedback, so feel free to reach out anytime.
- Let's be in touch on X (Twitter) : @azureposh @AzureCli