Skip to content

[AI-Suggested] Content update request from Product Release signal: azure-cli azure-cli-2.82.0 #9

New issue
New issue
Open
Open
[AI-Suggested] Content update request from Product Release signal: azure-cli azure-cli-2.82.0#9
Labels
azure-cli/svcchange-detection-agentproduct-release/sigtype
@learn-build-service-ppe

Description

@learn-build-service-ppe
learn-build-service-ppe
bot
opened on Feb 13, 2026

Background

A recent product update has been released that may impact our documentation. This could include new features, changes to existing functionality, or other product enhancements.
Your Action Required: Please review the suggestions below and update the relevant documentation to ensure accuracy and completeness.

Signal Details:

Source Signal Summary

Details
  • Azure CLI az network application-gateway settings create and az network application-gateway settings update (az command reference) add a new boolean flag --enable-l4-client-ip to set the Application Gateway backend settings property enableL4ClientIpPreservation (help text states default is false; update supports clearing via nullable behavior).
  • Azure CLI az network application-gateway probe create and az network application-gateway probe update (az command reference) add a new boolean flag --enable-proxy-header to set the Application Gateway probe property enableProbeProxyProtocolHeader (help text states default is false; update supports clearing via nullable behavior).
  • Azure CLI az network application-gateway probe and az network application-gateway settings commands move to Azure Network management API api-version=2025-01-01 (from 2023-11-01), which may affect documented compatibility/availability in sovereign clouds or older environments where that API version is not supported.
  • Azure CLI in-command help text for az network application-gateway probe delete/list/show and az network application-gateway settings delete/list/show no longer includes the inline :example: blocks (may reduce examples shown in az ... -h, so az command reference/examples may need to compensate).
  • Azure CLI Network: az network application-gateway waf-policy managed-rule rule-set disabled rules default behavior (update az network command reference and any default-behavior notes).
  • Azure CLI az network virtual-appliance create and az network virtual-appliance update add a new Properties parameter --nva-interface-configurations (alias --interface-configs) to configure nvaInterfaceConfigurations (list max length 3) with fields name (max 70 chars), subnet.id (subnet resource ID), and type (list enum: PrivateNic, PublicNic, AdditionalPrivateNic, AdditionalPublicNic; docs should note only PrivateNic+PublicNic combo is currently supported).
  • Azure CLI az network virtual-appliance show output now includes properties.nvaInterfaceConfigurations and properties.privateIpAddress (read-only), affecting the az command reference for expected JSON fields.
  • Azure CLI adds a new command group az network virtual-appliance identity with new commands assign, remove, show, and wait; assign/remove support --system-assigned and --user-assigned (managed identities) and support --no-wait, requiring new az command reference entries for this command group.
  • Breaking: Azure CLI az network virtual-appliance create and az network virtual-appliance update rename the parameter --internet-ingress-public-ips to --internet-ingress-ips (mapped to properties.internetIngressPublicIps), which can break existing scripts using the old flag.
  • Azure CLI az network virtual-appliance create/list/show/update/delete/wait move to Network management API version 2024-10-01; docs may need updates if behavior or supported properties differ from the previously documented 2023-11-01 behavior.
  • Azure CLI az network watcher flow-log create and az network watcher flow-log update add a new optional --record-types parameter (az command reference) to filter Flow Log records by flow state using a comma-separated combination of B (Begin), C (Continue), E (End), and D (Deny); if omitted, Azure Network Watcher Flow Logs continue to log all traffic.
  • Azure CLI az network watcher flow-log show (and az network watcher flow-log wait output) now surfaces the recordTypes property in the returned Flow Log resource when present, aligning command output with the new --record-types setting.
  • Azure CLI az network private-endpoint-connection / Private Link provider registration now includes Microsoft.Maps/accounts (API version 2023-12-01-preview) as a supported Private Link resource type; update docs that list supported resource providers for Network Private Link Resource / Private Endpoint Connection workflows to include Azure Maps.
  • Behavior change (Azure CLI az acr login): AAD token acquisition for Azure Container Registry now always requests an access token with the ACR audience (https://containerregistry.azure.net / ACR_AUDIENCE_RESOURCE_NAME), instead of conditionally using that audience based on the registry’s authentication policy; docs/help that describe az acr login authentication/token behavior may need to be updated to reflect the new fixed audience used.
  • Azure CLI az appservice list-locations adds a new preview flag --managed-instance-enabled to filter the App Service region list to locations that support Azure App Service Managed Instance workers (Managed Instance App Service Plan support); az appservice list-locations --managed-instance-enabled performs SKU-tier validation and returns an empty list unless --sku is a supported Managed Instance tier (currently PremiumV4 / PremiummV4), and it queries the Microsoft.Web/geoRegions API using API version 2025-03-01 with Managed Instance–specific handling (SKU not sent to the API call).
  • Azure CLI az vmss get-instance-view is migrated to an AAZ-based implementation (now calling the Compute RP instanceView/virtualMachines/{instanceId}/instanceView endpoints with API version 2024-11-01), which may change observable CLI behavior such as error payload formatting and the exact JSON shape/field flattening of the command output compared to the prior SDK-based implementation (update az command reference examples if they imply the old output structure); az vmss get-instance-view --instance-id '*' now retrieves per-VM instance views via an AAZ-based az vmss list-instances call with --select instanceView --expand instanceView and returns a list extracted from each item’s instanceView field (instead of returning SDK object properties).
  • Azure CLI adds az vmss get-resiliency-view (new command to return the resiliency status for a specific VM Scale Set instance; uses --instance for the instance ID and automatically requests resiliencyView), and az vmss list-instances adds a new --resiliency-view flag to fetch and display resiliency status for each instance; az vmss list-instances also updates command parameters/help in the az command reference (explicit --name/--virtual-machine-scale-set-name, --expand, --filter, --select, and new pagination flags --max-items / --next-token under “Pagination”, plus guidance that Flexible Orchestration mode users should use az vm list for full details).
  • Azure CLI az sig image-version create and az sig image-version update now surface a breaking-change warning indicating upcoming default-value changes for Azure Compute Gallery image versions: --end-of-life-date defaulting to “6 months from publish date” and --block-deletion-before-end-of-life defaulting to true when the flags aren’t specified.
  • Azure CLI az command reference: added new preview command groups for Azure Cosmos DB Fleet management — az cosmosdb fleet (create/list/show/delete), az cosmosdb fleetspace (create/list/show/update/delete), and az cosmosdb fleetspace account (create/list/show/delete), including new required parameters like --fleet-name, --fleetspace-name, and --fleetspace-account-name plus example usage in _help.py; az cosmosdb fleetspace create|update requires/validates --body (-b) JSON payload (string or @file) with documented fields under properties including serviceTier, dataRegions, and throughputPoolConfiguration.minThroughput/maxThroughput; az cosmosdb fleetspace account create requires/validates --body (-b) requiring properties.globalDatabaseAccountProperties.resourceId (ARM resource ID) and armLocation.
  • Azure CLI az cosmosdb create / az cosmosdb update add account-level flags --enable-pbe (priority based execution) and --default-priority-level (enum DefaultPriorityLevel), and add a new --disable-local-auth three-state flag (true/false/unset) to disable key-based authentication on a Cosmos DB account (enforcing Microsoft Entra ID for data-plane access); docs should also cover how --disable-local-auth differs from --disable-key-based-metadata-write-access (control-plane metadata writes).
  • Azure CLI az cosmosdb restore: updated the meaning of --location help text and added --source-backup-location for cross-region restore scenarios; --source-backup-location is no longer marked as preview (now GA), and request construction was fixed so it is applied via restoreParameters.sourceBackupLocation (instead of being passed at the top level), changing behavior from “flag accepted but restore may fail/ignore it” to “cross-region restore works as documented”.
  • Azure CLI az postgres flexible-server fabric-mirroring (start/stop/update-databases): Fabric mirroring is now allowed on high availability-enabled PostgreSQL Flexible Server instances when the server version is PostgreSQL 17 or 18; the previous CLI error (“Fabric mirroring is not supported on servers with high availability enabled.”) now only applies to HA servers on earlier PostgreSQL versions.
  • Azure CLI az postgres flexible-server create / az postgres flexible-server update high availability changes: add --zonal-resiliency {Enabled,Disabled} (default Disabled on create) and --allow-same-zone (requires --zonal-resiliency Enabled; in single-AZ regions --zonal-resiliency Enabled requires --allow-same-zone); deprecate --high-availability (errors if both --high-availability and --zonal-resiliency are provided); tie --standby-zone usage to enabling HA via --zonal-resiliency Enabled (still enforcing different primary/standby zones), and az postgres flexible-server update now correctly supports --zonal-resiliency Enabled together with --standby-zone <zone> without incorrectly failing validation; HA is now supported with --storage-type PremiumV2_LRS (Premium SSD v2) (the prior validator block was removed).
  • Azure CLI az postgres flexible-server defaults/semantics and command surface changes: default location (when --location isn’t specified) changed from eastus to canadacentral; breaking change that az postgres flexible-server migration delete now invokes the migration cancel operation (cancels an active migration) rather than deleting a migration resource; az postgres flexible-server advanced-threat-protection-setting show now reads from the PostgreSQL Flexible Server AdvancedThreatProtectionSettings API surface (via azure-mgmt-postgresqlflexibleservers 2.0.0 / API version 2025-08-01).
  • Azure CLI adds az postgres flexible-server autonomous-tuning (update/show/list-settings/show-settings/set-settings; recommendation listing via list-index-recommendations and list-table-recommendations with --recommendation-type filtering) and deprecates/redirects az postgres flexible-server index-tuning to az postgres flexible-server autonomous-tuning; allowed --recommendation-type values expand to include ReIndex (in addition to CreateIndex/DropIndex) for both the legacy index-tuning list-recommendations and the new autonomous-tuning list-index-recommendations; postgres flexible-server location capability output field changed from index_tuning_supported to autonomous_tuning_supported.
  • Azure CLI az postgres flexible-server index-tuning --enabled true no longer fails with the region capability errors “The location is restricted for provisioning of flexible servers…” or “No available SKUs in this location.” when the PostgreSQL Flexible Server Capabilities API returns OfferRestricted=Enabled/non-Disabled; it now bypasses the “offer restriction” check and only enforces whether IndexTuning is supported for the server’s region.
  • Azure CLI (az command reference): az postgres flexible-server {backup|db|firewall-rule|identity|long-term-retention|microsoft-entra-admin|migration|parameter|replica} list now supports using --ids (server resource ID) for list operations (instead of requiring explicit --server-name/-s); breaking: az postgres flexible-server replica promote switches the replica identifier flag from --server-name/-s to --name/-n (“Name of the read replica”); breaking: az postgres flexible-server migration {create|show|list|update|check-name-availability} changes the target server parameter from --name/-n to --server-name/-s.
  • Azure CLI az postgres flexible-server replica create: adds --name/-n for the read-replica server name, updates examples to use --name, and deprecates --replica-name with redirect to --name (users must now provide either --name or the deprecated --replica-name; otherwise the command errors); Azure CLI breaking-change announcements (targeted for CLI breaking-change release 2.86.0, May 2026) state that az postgres flexible-server backup, db, firewall-rule, long-term-retention, and migration will deprecate/remove --backup-name, --database-name, --rule-name, and --migration-name, repurpose --name/-n to mean the child resource, and introduce --server-name/-s to specify the server.
  • Azure CLI az postgres flexible-server upgrade now allows --version/-v 18 (PostgreSQL 18) by extending accepted enum values; help examples for az postgres flexible-server upgrade (and the az postgres flexible-server create example showing --version) are updated to use PostgreSQL version 18.
  • Azure CLI az postgres flexible-server create: adds --database-name (mapped to database_name) for Elastic Cluster creation, where the value is passed as the cluster default_database_name instead of always using the previous default (postgres); breaking: it now defaults --database-name/-d to None (no default database is assumed), and validation now requires --database-name/-d to be used only when --cluster-option ElasticCluster is used (otherwise the command fails with an argument usage error).
  • Azure CLI az sql mi create / az sql mi update add --memory to set memory_size_in_gb (memory size specified in GB), and az sql mi update now explicitly clears requested_logical_availability_zone on update requests to avoid failures caused by the default 'NoPreference' value.
  • Azure CLI adds az monitor dashboard command group to manage Dashboard with Grafana (Microsoft.Dashboard/dashboards) resources, including: create (PUT 2025-09-01-preview, idempotent create-or-update; required --resource-group, --location, and --name/--dashboard-name with the documented name pattern constraint; optional --tags; supports --no-wait), delete (interactive confirmation unless --yes), show, list (scoped to required --resource-group, nextLink-based pagination), and wait (standard wait semantics; requires --resource-group and --name/--dashboard-name).
  • Azure CLI az containerapp env create adds --infrastructure-resource-group/-i (optional; if not provided CLI generates a resource group name automatically) and validation now requires -i be used only with --infrastructure-subnet-resource-id/-s and --enable-workload-profiles/-w (otherwise the command fails with a required-argument error); az containerapp compose create now supports docker-compose services that specify env_file but omit environment (fixes crash TypeError: 'NoneType' object is not iterable).
  • Azure CLI az identity create and az identity update add --isolation-scope (enum None, Regional) to set isolationScope; Azure CLI introduces a new az identity update command supporting updates to --tags and --isolation-scope; default API version for ResourceType.MGMT_MSI operations switches to 2024-11-30 (from 2023-01-31).
  • Azure CLI az aks install-cli adds --gh-token to pass a GitHub authentication token when downloading kubelogin from GitHub releases; az aks nodepool update adds/updates --gpu-driver (enum; "Install" or "None", persisted to gpuProfile.driver); az aks nodepool add/update --os-sku now accepts a new Linux value Ubuntu2404.
  • Breaking: Azure CLI az maps creator command group has been removed; breaking: az maps account create now defaults to --kind Gen2 (instead of Gen1) and default --location eastus (instead of global), and explicitly supports --location/-l with resource-group defaulting behavior (get_default_location_from_resource_group).
  • Azure CLI az keyvault key create / az keyvault key import add --default-data-disk-policy (alias --default-dd-policy) to apply a default Key Release Policy for data disk encryption; validation: --default-data-disk-policy cannot be combined with --policy and is mutually exclusive with --default-cvm-policy.
  • Breaking: Azure CLI --output json serialization (azure.cli.core.util.todict) now uses azure-core’s get_backcompat_attr_name() for Azure SDK model fields, which can change emitted JSON property names (and therefore JMESPath queries) for commands returning SDK models (including az keyvault results); az keyvault command module migrates to the TypeSpec-generated management SDK (azure-mgmt-keyvault 13.0.0), which may alter returned object shapes and error details in examples/troubleshooting; az sf workflows that auto-create an Azure Key Vault now grant broader default access policies (KeyPermissions.all, SecretPermissions.all, CertificatePermissions.all) when --no-self-perms is not used.
  • Azure CLI Storage SAS/OAuth changes: add preview --user-delegation-oid for az storage blob generate-sas and az storage container generate-sas (used with --auth-mode login and --as-user); add preview --as-user and --user-delegation-oid for az storage share generate-sas, az storage file generate-sas, and az storage queue generate-sas (requirements: --auth-mode login, --expiry, and --user-delegation-oid requires --as-user); add new command az storage fs file generate-sas (supports --as-user and preview --user-delegation-oid); behavior change: when a SAS token contains sduoid= and --auth-mode login provides a token credential, client factories prefer the OAuth token credential and append the SAS to the service URL; Storage module switches from azure-multiapi-storage to Track 2 packages and removes explicit min_api gating on several az storage command groups.
  • Azure CLI MySQL Flexible Server backups: az mysql flexible-server backup delete is present (deletes an on-demand backup by --backup-name/-b for a given server --name/-n and resource group --resource-group/-g); breaking: az mysql flexible-server backup show requires explicit --resource-group/-g and --name/-n plus --backup-name/-b, and its --backup-name/-b wiring as the child resource name may affect usage with --ids / resource ID composition and scripts relying on prior ID-part parsing/inference; MySQL Flexible Server commands emit a deprecation warning for --storage-redundancy on create, restore, geo-restore, and replica create; az mysql external migration --version validation now lists 8.4 as an allowed value (in addition to 5.7 and 8.0.21).
  • Azure CLI adds a new preview command az cognitiveservices agent create (Azure AI Foundry hosted agents) to create an agent version from either an existing container image (--image) or by building and pushing from local source (--source), with built-in examples; parameters/flags include --image (must include a tag; tag becomes the agent version), --source, --registry, --dockerfile, --build-remote, --cpu, --memory, --env/--environment-variables (space-separated key=value), --protocol (responses|streaming), --protocol-version, --min-replicas, --max-replicas, --timeout, --no-wait, --no-start, and --skip-acr-check; validation/enforced rules: --image and --source mutually exclusive and one required, --build-remote requires --source, --registry required with --source, --no-start cannot be used with --min-replicas/--max-replicas, --memory must match N[.N]Gi|Mi, --cpu must be a positive number, env vars split on first =; ACR integration: local Docker build targets linux/amd64 and pushes to ACR (timeouts AZURE_CLI_DOCKER_BUILD_TIMEOUT/AZURE_CLI_DOCKER_PUSH_TIMEOUT), --source auto-tags with a timestamp-based version, falls back to remote ACR Task builds (may use buildpacks when no Dockerfile), includes an ACR access pre-check for the project managed identity (guided remediation via az role assignment create, bypassable with --skip-acr-check); default workflow auto-deploys unless --no-start, waits up to --timeout (default 600s) with progress reporting, and --no-wait returns immediately with “InProgress” and instructs using az cognitiveservices agent show.
  • Azure CLI az command reference adds new in-command examples for az netappfiles check-file-path-availability and az netappfiles check-name-availability, and adds new in-command examples for az netappfiles volume replication external replication/migration workflows: authorize-external-replication, finalize-external-replication, peer-external-cluster (including --peer-ip-addresses array syntax), and perform-replication-transfer.
  • Azure CLI 2.82.0 release documentation: update Azure CLI / azure-cli-core version references to 2.82.0; azure-cli-core 2.82.0 notes resolution of CVE-2025-66418 and CVE-2025-66471; packaging/installation note: Windows MSI distribution pins pywin32 to 310 to resolve MSI upgrade issues.

Suggestions

Note

Suggestions are generated by AI and they may not be entirely accurate or complete. Please check impacted files scope and suggestions details before making changes.

  • docs-ref-conceptual/Latest-version/release-notes-azure-cli.md:
    • In the release notes entry for the version where the change shipped (within the provided 2.81.0–2.82.0 window), under the Network section, add a [BREAKING CHANGE] note stating that az network virtual-appliance create and az network virtual-appliance update renamed the parameter --internet-ingress-public-ips to --internet-ingress-ips, because scripts using the old flag will fail.
  • docs-ref-conceptual/Latest-version/release-notes-azure-cli.md:
    • In the "January 13, 2026 – Version 2.82.0" section (RDBMS/PostgreSQL area), add the breaking/default behavior change that az postgres flexible-server commands that create resources now default --location to canadacentral when --location is omitted (previously eastus), because users following the release notes to assess impact would otherwise be unaware of the region change.
    • In the "January 13, 2026 – Version 2.82.0" section (RDBMS/PostgreSQL area), add the breaking change that az postgres flexible-server migration delete now performs the migration cancel operation (cancels an active migration) rather than deleting a migration resource, because a user invoking it after upgrading could take the wrong action based on prior semantics.
    • In the "January 13, 2026 – Version 2.82.0" section (RDBMS/PostgreSQL area), add that az postgres flexible-server advanced-threat-protection-setting show now reads from the PostgreSQL Flexible Server AdvancedThreatProtectionSettings ARM API (via azure-mgmt-postgresqlflexibleservers 2.0.0 / API version 2025-08-01), since users comparing outputs/behavior across versions could otherwise be misled about the backing API and returned shape.
  • docs-ref-conceptual/Latest-version/release-notes-azure-cli.md:
    • In the January 13, 2026 – Version 2.82.0 section under RDBMS / PostgreSQL, add a breaking-change note for az postgres flexible-server replica promote stating that the read-replica identifier parameter changed from --server-name/-s to --name/-n (otherwise users following prior scripts/knowledge will get argument errors).
    • In the January 13, 2026 – Version 2.82.0 section under RDBMS / PostgreSQL (near the migration-related bullets), add a breaking-change note for az postgres flexible-server migration {create|show|list|update|check-name-availability} stating that the target server parameter changed from --name/-n to --server-name/-s (otherwise users will invoke migration commands with the wrong parameter and the command will fail).
  • docs-ref-conceptual/Latest-version/release-notes-azure-cli.md:
    • In the January 13, 2026 – Version 2.82.0 section under RDBMS/PostgreSQL, add an entry calling out the breaking change for az postgres flexible-server replica promote: the replica identifier parameter changed from --server-name/-s to --name/-n (so scripts using --server-name will fail).
    • In the January 13, 2026 – Version 2.82.0 section under RDBMS/PostgreSQL, add an entry calling out the breaking change for az postgres flexible-server migration {create|show|list|update|check-name-availability}: the target server parameter changed from --name/-n to --server-name/-s (so scripts using --name for the server will fail).
  • docs-ref-conceptual/Latest-version/release-notes-azure-cli.md:
    • In the January 13, 2026 – Version 2.82.0 section, add a Maps subsection that documents the breaking removal of the az maps creator command group and the changed defaults/behavior for az maps account create (default --kind Gen2, default --location eastus instead of global, and the supported --location/-l behavior including resource-group location defaulting). Without this, users following the release notes may form an incorrect understanding of available commands and defaults in 2.82.0.
  • docs-ref-conceptual/Latest-version/release-notes-azure-cli.md:
    • In the January 13, 2026 (Version 2.82.0) > MySQL section, add the missing breaking change note for az mysql flexible-server backup show: it now requires explicit --resource-group/-g and --name/-n plus --backup-name/-b, and its --backup-name child-resource naming affects --ids usage/resource ID composition, which can break scripts that previously relied on implicit parsing/inference.

📚 To learn more about agentic content maintenance workflow, visit Agentic workflow for Learn content maintenance. Sign in using Learn Profile to access the content on this link.

💬 Share your feedback on the Learn Content Maintenance Agentic Workflow here.

Metadata

Metadata

Assignees

No one assigned

    Labels

    azure-cli/svcchange-detection-agentproduct-release/sigtype

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions