[AI-Suggested] Content update request from Product Release signal: [GitHub] azure-cli azure-cli-2.81.0

[learn-build-service-test]

Background

A recent product update has been released that may impact our documentation. This could include new features, changes to existing functionality, or other product enhancements.
Your Action Required: Please review the suggestions below and update the relevant documentation to ensure accuracy and completeness.

Signal Details:

• Title: [GitHub] azure-cli azure-cli-2.81.0
• Source URL: https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.81.0
• Repository: https://github.com/Azure/azure-cli
• ReleaseWindowUtc: 2025-11-18 05:40:19Z - 2025-12-02 05:39:31Z
• TargetBranch: release
• currentTag: azure-cli-2.81.0
• targetCommitish: release
• releaseUrl: https://github.com/Azure/azure-cli/releases/tag/azure-cli-2.81.0
• previousTag: azure-cli-2.80.0

Source Signal Summary

• Azure CLI az cosmosdb create (Cosmos DB account) --capabilities parameter changed from “one or more values required” to “zero or more values allowed” (nargs='+' → nargs='*'), so the az command reference and parameter guidance should no longer imply at least one capability must be provided when the flag is used.
• Breaking: Azure CLI az netappfiles pool create and az netappfiles pool update changed --custom-throughput/--custom-throughput-mibps to accept an integer value (MiB/s) instead of a float; scripts passing decimals may now fail validation.
• Azure CLI az netappfiles volume-group create added --network-features (alias --shared-network-features) under the “Shared Volume” arguments to set volume-group network features (Basic or Standard, default Basic).
• Azure CLI az netappfiles volume replication list added --exclude to filter out deleted replications (None/Deleted, default None); this is now sent in the request body and affects which replications appear in command output.
• Azure CLI az netappfiles volume update marked --remote-volume-resource-id (alias --remote-volume-id) as deprecated via the breaking-change/deprecation system; az command reference should reflect the deprecation guidance.
• Azure CLI az netappfiles volume splitclonefromparent is no longer marked as is_preview=True (i.e., it should no longer be documented as a preview command in the az command reference).
• Azure CLI az netappfiles check-name-availability and az netappfiles check-quota-availability expanded supported --type values to include backup-related resource types (for example, Microsoft.NetApp/netAppAccounts/backupVaults/backups and Microsoft.NetApp/netAppAccounts/capacityPools/volumes/backups).
• Breaking: Azure CLI az mysql flexible-server export command group (including az mysql flexible-server export create) is now hidden from the az command reference/help via deprecate_info=self.deprecate(hide=True) because MySQL Flexible Server backup export is no longer supported; update/remove any docs that instruct users to run az mysql flexible-server export.
• Azure CLI az aks safeguards create and az aks safeguards update add a new --pss-level parameter to configure AKS Deployment Safeguards Pod Security Standards (PSS) level (Baseline, Privileged, Restricted), and the az aks safeguards show/list/wait outputs now include the podSecurityStandardsLevel field for the DeploymentSafeguards resource.
• Azure CLI az aks safeguards commands (create, update, show, list, delete, wait) update their documented usage to reliably support the -g/--resource-group + -n/--name pattern (in addition to -c/--cluster/--managed-cluster), including treating -c/--cluster as either a full managed cluster resource ID or (if not a valid resource ID) a cluster name that requires -g/--resource-group; managed cluster IDs are also normalized to allow missing leading / for backward compatibility.
• Azure CLI az aks safeguards create now performs a pre-check and fails fast with a clear error message if an AKS Deployment Safeguards instance already exists for the cluster, directing users to az aks safeguards update or az aks safeguards delete instead of attempting to create again.
• Azure CLI az aks safeguards commands switch the underlying AKS DeploymentSafeguards management-plane api-version to 2025-07-01 (from 2025-04-01), which may affect any documentation that references the specific API version used by the Azure CLI implementation.
• Azure CLI az bicep install: fixes behavior so that specifying --version no longer gets ignored when bicep.use_binary_from_path is enabled; the CLI will only use the bicep executable from PATH when no specific version is requested (aligns --version semantics with the az command reference for az bicep install).
• Azure CLI az bicep install: adds/changes user-visible console messages when Bicep is already installed—prints a skip message when no --version is provided, and prints an “already installed” message when the requested --version matches the installed Bicep CLI version (may affect documented examples/output expectations for az bicep install).
• Azure CLI az vm show and az vm wait (Compute command group) now support --expand resiliencyView in addition to existing instanceView/userData options; update the az vm show / az vm wait az command reference for the new --expand value.
• Azure CLI az vm show / az vm wait responses (JSON output) now include additional fields surfaced by the newer Compute API version (moved to api-version=2025-04-01), notably systemData on the VM resource and additional properties under properties (for example additionalCapabilities.enableFips1403Encryption, scheduledEventsPolicy.allInstancesDown, scheduledEventsAdditionalPublishingTargets.eventGridAndResourceGraph.scheduledEventsApiVersion, and securityProfile.proxyAgentSettings.addProxyAgentExtension); update any docs or samples that enumerate these outputs.
• Azure CLI az vm update and az vmss update now use ARM resource-ID typed arguments (AAZResourceIdArg) for several id fields (for example network interface id, storageProfile.imageReference.id, disk encryption set id, and generic sub-resource id); documentation for these parameters should explicitly state/assume full Azure Resource Manager resource IDs and scripts that relied on non-ID strings may no longer work.
• Azure CLI az vmss show is now implemented in the AAZ (Code Gen V2) layer and uses api-version=2025-04-01; its JSON output includes systemData and other newer Compute resource fields, so update any az vmss show output examples or field lists in the az command reference if they implied the previous shape.
• Azure CLI az vm update switched to the AAZ (Code Gen V2) backend for the “get-then-update” flow, including a behavior change to skip image permission checks by clearing storageProfile.imageReference on the fetched VM object; users who previously needed read access to the source image may no longer need it for az vm update in common update scenarios.
• Azure CLI az vmss update switched to the AAZ (Code Gen V2) backend for both VM Scale Set model updates and per-instance updates (az vmss update --instance-id ...), including the same behavior change to skip image permission checks by clearing virtualMachineProfile.storageProfile.imageReference (or instance storageProfile.imageReference) before sending the update.
• Azure CLI (AAZ-generated) az vmss wait added a new --expand query option (documented values include userData) and updated its underlying Compute “api-version” to 2025-04-01, which may affect documented az vmss wait parameters and examples involving --expand/UserData retrieval.
• Azure CLI az vm application set and az vmss application set (Compute) add a new multi-value flag --enable-automatic-upgrade (alias --enable-auto-upgrade) to set per-application Gallery Application automatic upgrade behavior; values are a space-separated list of true|false corresponding to --app-version-ids/--application-version-ids items.
• Azure CLI az vm application set / az vmss application set now validate that --enable-automatic-upgrade provides the same number of true|false values as --application-version-ids, otherwise the command fails with a usage error (impacts documented parameter rules for these az commands).
• Azure CLI help/az command reference examples for az vm application set are updated to show using --enable-automatic-upgrade when setting VM applications.
• Breaking: Azure CLI az vmss application set output may include an extra line written to stdout (a print(...) of the VMSS extension list) before the normal command output, which can break scripts that parse the command output format.

Suggestions

Note

Suggestions are generated by AI and they may not be entirely accurate or complete. Please check impacted files scope and suggestions details before making changes.

• docs-ref-conceptual/Latest-version/release-notes-azure-cli.md:
  1. In the December 02, 2025 (Azure CLI 2.81.0) section under NetAppFiles, add a [BREAKING CHANGE] entry for az netappfiles pool create and az netappfiles pool update noting that --custom-throughput/--custom-throughput-mibps now only accepts integer values (MiB/s). Include the user-visible impact that decimal values (floats) that previously worked will now fail validation.
  2. In the same breaking change bullet, explicitly clarify the expected unit (MiB/s) and that the input type is an integer (no decimals). This prevents ambiguity for users migrating scripts that may have used fractional throughput values.
  3. If the release notes document maintains consistency for parameter naming, include both parameter forms as they appear in the CLI (--custom-throughput and --custom-throughput-mibps) to ensure users searching for either flag can find the breaking change note. Place it near other NetAppFiles changes for 2.81.0.
• docs-ref-autogen/Latest-version/latest/netappfiles/pool.yml:
  1. [Correction] In the az netappfiles pool create section, update the --custom-throughput/--custom-throughput-mibps parameter description (and any parameter metadata if present) to explicitly state that the value must be an integer number of MiB/s and that decimal values are not accepted.
  2. [Correction] In the az netappfiles pool update section, make the same change for the --custom-throughput/--custom-throughput-mibps parameter to reflect integer-only input and prevent scripts from using decimal values.
  3. [Correction] Review the examples on the page (and any inline snippets that mention --custom-throughput) and ensure they use whole-number MiB/s values only; if any examples use decimals, change them to integers.
• docs-ref-conceptual/Latest-version/release-notes-azure-cli.md:
  1. In the "December 02, 2025 (Version 2.81.0)" section, add a MySQL (or appropriate category) breaking change entry stating that MySQL Flexible Server backup export is no longer supported and the az mysql flexible-server export command group (including export create) is hidden/removed from CLI help and reference.
  2. Where the new breaking change is added for 2.81.0, clarify the user-visible impact (for example, users will not see az mysql flexible-server export in az --help/command reference and scripts relying on it must be updated), without rewriting older historical entries.
• docs-ref-autogen/Latest-version/latest/aks/safeguards.yml:
  1. [Correction] In each command section (create, update, show, list, delete, wait), update the --cluster/--managed-cluster (-c) parameter description to state it accepts either a managed cluster ARM resource ID or a cluster name. Clarify that when a name is provided, --resource-group (-g) is required (and that -c can be an ID or name, but not both with -g/-n if the command enforces mutual exclusivity).
  2. [Correction] Where the docs refer to the managed cluster identifier as “fully qualified” (implying a leading /), adjust wording to reflect the new normalization behavior that also accepts IDs without the leading / for backward compatibility. This applies to the --cluster/--managed-cluster parameter descriptions and any example text that labels the input as a fully qualified ARM ID.
  3. Add (or adjust) at least one example under the affected commands demonstrating -c/--cluster used as a cluster name together with -g/--resource-group (for example, az aks safeguards show -c <clusterName> -g <rg>). This ensures the newly supported and user-visible invocation pattern is discoverable and not contradicted by the existing ID-only wording.
• docs-ref-autogen/Latest-version/latest/vm.yml:
  1. In the az vm show command section, add/update the --expand optional parameter to reflect the supported expand options and include the new value resiliencyView alongside the existing instanceView and userData values. Update the syntax block for az vm show to include --expand if it is currently omitted.
  2. In the az vm wait command section, add/update the --expand optional parameter and include resiliencyView as an accepted value (alongside the existing instanceView and userData values). Update the az vm wait syntax block to include --expand if it is currently omitted.
  3. Where the --expand parameter is documented, ensure the parameter description and accepted-values list clearly indicate that resiliencyView is a valid selection so users can correctly request resiliency details in the response payload used for waiting/queries.
• docs-ref-autogen/Latest-version/latest/vm.yml:
  1. In the az vm show command section, update the option list to include the --expand parameter and list resiliencyView as an accepted value alongside the existing supported values (for example instanceView and userData, as applicable). Ensure the syntax block and the optional-parameters table reflect this.
  2. In the az vm wait command section, add/update documentation for --expand and include resiliencyView as a valid expand target. Make sure the parameter description and any accepted-values list reflect the new value.
  3. Where the document describes VM details returned or conditions used in wait queries (for example references to instance view), ensure the wording does not imply only instanceView/userData expansions are possible. Adjust any --custom query examples only if they explicitly depend on a limited set of expand values.

---

📚 To learn more about agentic content maintenance workflow, visit Agentic workflow for Learn content maintenance. Sign in using Learn Profile to access the content on this link.

💬 Share your feedback on the Learn Content Maintenance Agentic Workflow here.