Azure CLI Tools
Installation
Auto-Installation Flow
When a CLI tool is missing, follow this sequence:
1. Detect Missing Tool
Check for these error patterns:
- •
'az' is not recognizedoraz: command not found - •
'azd' is not recognizedorazd: command not found - •
'func' is not recognizedorfunc: command not found - •
'docker' is not recognizedordocker: command not found
2. Offer One-Click Install
Use AskUserQuestion to offer installation:
"I detected that [TOOL] is not installed. Would you like me to install it now?"
- •Yes, install it
- •No, I'll install it manually
3. Run Installation Command
Windows (preferred - winget):
# Azure CLI winget install Microsoft.AzureCLI --accept-source-agreements --accept-package-agreements # Azure Developer CLI winget install Microsoft.Azd --accept-source-agreements --accept-package-agreements # Azure Functions Core Tools winget install Microsoft.Azure.FunctionsCoreTools --accept-source-agreements --accept-package-agreements # Docker Desktop winget install Docker.DockerDesktop --accept-source-agreements --accept-package-agreements
macOS:
# Azure CLI brew install azure-cli # Azure Developer CLI brew tap azure/azd && brew install azd # Azure Functions Core Tools brew tap azure/functions && brew install azure-functions-core-tools@4 # Docker Desktop brew install --cask docker
Linux (Ubuntu/Debian):
# Azure CLI curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash # Azure Developer CLI curl -fsSL https://aka.ms/install-azd.sh | bash # Azure Functions Core Tools curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg sudo mv microsoft.gpg /etc/apt/trusted.gpg.d/microsoft.gpg sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/microsoft-ubuntu-$(lsb_release -cs)-prod $(lsb_release -cs) main" > /etc/apt/sources.list.d/dotnetdev.list' sudo apt-get update && sudo apt-get install azure-functions-core-tools-4 # Docker sudo apt-get install docker.io sudo systemctl enable docker && sudo systemctl start docker
4. Verify Installation
# After installation, verify: az version azd version func --version docker version
5. Handle PATH Issues
If command still not found after install:
Windows:
- •Restart terminal
- •Or run:
refreshenv(if using Chocolatey) - •Or start new PowerShell/CMD window
macOS/Linux:
- •Run:
source ~/.bashrcorsource ~/.zshrc - •Or start new terminal session
Using MCP Install Tool
The Azure MCP server provides installation guidance:
Tool: azure__extension_cli_install Parameters: - cli-type: "az" | "azd" | "func"
Example:
Use azure__extension_cli_install with cli-type: "azd"
This returns platform-specific installation instructions.
Tool Priority
For Azure deployments, install in this order:
| Priority | Tool | Required For |
|---|---|---|
| 1 | azd | Application deployments (ALWAYS use this) |
| 2 | az | Resource queries, manual operations |
| 3 | docker | Container builds, local testing |
| 4 | func | Local Functions development |
Quick Check Script
Run this to check all tools at once:
# Bash version
echo "=== Azure Tools Check ==="
echo -n "az: " && (az version --query '"azure-cli"' -o tsv 2>/dev/null || echo "NOT INSTALLED")
echo -n "azd: " && (azd version 2>/dev/null || echo "NOT INSTALLED")
echo -n "docker: " && (docker version --format '{{.Server.Version}}' 2>/dev/null || echo "NOT INSTALLED")
echo -n "func: " && (func --version 2>/dev/null || echo "NOT INSTALLED")
# PowerShell version
Write-Host "=== Azure Tools Check ==="
Write-Host -NoNewline "az: "; try { az version --query '"azure-cli"' -o tsv 2>$null } catch { Write-Host "NOT INSTALLED" }
Write-Host -NoNewline "azd: "; try { azd version 2>$null } catch { Write-Host "NOT INSTALLED" }
Write-Host -NoNewline "docker: "; try { docker version --format '{{.Server.Version}}' 2>$null } catch { Write-Host "NOT INSTALLED" }
Write-Host -NoNewline "func: "; try { func --version 2>$null } catch { Write-Host "NOT INSTALLED" }
Authentication After Installation
Azure CLI (az)
# Interactive (opens browser) az login # Device code (headless/remote) - use if browser login fails az login --use-device-code # Service principal (CI/CD) az login --service-principal -u APP_ID -p SECRET --tenant TENANT_ID
Azure Developer CLI (azd)
# Uses Azure CLI credentials by default # Or explicitly: azd auth login # Check authentication status azd auth login --check-status
⚠️ For automation/CI-CD: Always use
--no-promptwith azd commands to avoid interactive prompts blocking execution.
Tip: If device code auth times out repeatedly, run az login in a separate terminal window where you can interact with it directly.
Common Installation Issues
| Issue | Solution |
|---|---|
| winget not found | Install App Installer from Microsoft Store |
| brew not found | Install Homebrew: /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)" |
| Permission denied | Run as Administrator (Windows) or use sudo (Linux) |
| Old version installed | Run az upgrade or brew upgrade azure-cli |
| PATH not updated | Restart terminal or source shell config |
Bulk Install (All Tools)
Windows:
winget install Microsoft.AzureCLI Microsoft.Azd Docker.DockerDesktop --accept-source-agreements --accept-package-agreements
macOS:
brew install azure-cli && brew install azd && brew install --cask docker
💡 Note:
brew install azdworks directly without needingbrew tap azure/azdin recent Homebrew versions.
Command Cheatsheet
Authentication
# Interactive login az login # Device code flow (headless) az login --use-device-code # Service principal az login --service-principal -u APP_ID -p PASSWORD --tenant TENANT_ID # Check current account az account show # List subscriptions az account list --output table # Set subscription az account set --subscription "Subscription Name"
Resource Management
# List resource groups az group list --output table # Create resource group az group create --name RG --location eastus # List resources in group az resource list -g RG --output table # Delete resource group az group delete --name RG --yes
Storage
# List storage accounts az storage account list --output table # List containers az storage container list --account-name ACCOUNT --output table # List blobs az storage blob list --account-name ACCOUNT --container-name CONTAINER --output table # Upload blob az storage blob upload --account-name ACCOUNT --container-name CONTAINER --name BLOB --file FILE # Download blob az storage blob download --account-name ACCOUNT --container-name CONTAINER --name BLOB --file FILE
SQL Database
# List SQL servers az sql server list --output table # List databases az sql db list --server SERVER -g RG --output table # Create firewall rule az sql server firewall-rule create --server SERVER -g RG --name RULE --start-ip-address IP --end-ip-address IP
Key Vault
# List vaults az keyvault list --output table # List secrets az keyvault secret list --vault-name VAULT --output table # Get secret az keyvault secret show --vault-name VAULT --name SECRET # Set secret az keyvault secret set --vault-name VAULT --name SECRET --value VALUE
App Service
# List web apps az webapp list --output table # Get app details az webapp show --name APP -g RG # Deploy ZIP az webapp deploy --name APP -g RG --src-path app.zip --type zip # View logs az webapp log tail --name APP -g RG
Functions
# List function apps az functionapp list --output table # Get app settings az functionapp config appsettings list --name APP -g RG # Set app settings az functionapp config appsettings set --name APP -g RG --settings KEY=VALUE
Container Apps
# List container apps az containerapp list --output table # Deploy az containerapp up --name APP -g RG --image IMAGE --ingress external --target-port 8080 # View logs az containerapp logs show --name APP -g RG --follow
AKS
# List clusters az aks list --output table # Get credentials az aks get-credentials --name CLUSTER -g RG # Scale node pool az aks nodepool scale --cluster-name CLUSTER -g RG --name POOL --node-count 5
Azure Developer CLI (azd)
# Initialize project azd init --template TEMPLATE # Provision and deploy azd up # For automation/agent scenarios - use --no-prompt azd up --no-prompt azd provision --no-prompt azd deploy --no-prompt # Preview changes before deployment azd provision --preview # Deploy code only azd deploy --no-prompt # Tear down resources azd down # View deployed resources azd show
⚠️ CRITICAL:
azd downData Loss Warning
azd downpermanently deletes ALL resources in the environment, including:
- •Databases with all data (Cosmos DB, SQL, PostgreSQL, etc.)
- •Storage accounts with all blobs and files
- •Key Vault with all secrets (use
--purgeto bypass soft-delete)Flags:
- •
azd down- Prompts for confirmation- •
azd down --force- Skips confirmation (still soft-deletes Key Vault)- •
azd down --force --purge- Permanently deletes Key Vault (no recovery possible)Best practices:
- •Always use
azd provision --previewbeforeazd upto understand what will be created- •Use separate environments for dev/staging/production
- •Back up important data before running
azd down
Monitoring
# Query logs az monitor log-analytics query --workspace WORKSPACE_ID --analytics-query "QUERY" # List activity log az monitor activity-log list -g RG --max-events 20
Advanced Tips and Patterns
Output Formatting
Table Output (Human Readable)
az resource list -g RG --output table
JSON Output (Scripting)
az resource list -g RG --output json
TSV Output (Parsing)
az resource list -g RG --output tsv
YAML Output
az resource list -g RG --output yaml
JMESPath Queries
Select Specific Fields
az resource list --query "[].{Name:name, Type:type}" -o table
Filter Results
# Exact match az resource list --query "[?type=='Microsoft.Web/sites']" -o table # Contains az resource list --query "[?contains(name, 'prod')]" -o table # Multiple conditions az resource list --query "[?type=='Microsoft.Web/sites' && contains(name, 'api')]" -o table
Get Single Value
az account show --query "id" -o tsv
First/Last Item
az resource list --query "[0].name" -o tsv az resource list --query "[-1].name" -o tsv
Environment Variables
Set Default Subscription
# Bash version export AZURE_DEFAULTS_SUBSCRIPTION="subscription-id"
# PowerShell version $env:AZURE_DEFAULTS_SUBSCRIPTION = "subscription-id"
Set Default Location
# Bash version export AZURE_DEFAULTS_LOCATION="eastus"
# PowerShell version $env:AZURE_DEFAULTS_LOCATION = "eastus"
Set Default Resource Group
# Bash version export AZURE_DEFAULTS_GROUP="my-resource-group"
# PowerShell version $env:AZURE_DEFAULTS_GROUP = "my-resource-group"
Scripting Patterns
Get Resource ID
# Bash version RESOURCE_ID=$(az webapp show -n APP -g RG --query "id" -o tsv)
# PowerShell version $RESOURCE_ID = az webapp show -n APP -g RG --query "id" -o tsv
Loop Over Resources
# Bash version for app in $(az webapp list -g RG --query "[].name" -o tsv); do echo "Processing $app" az webapp show -n "$app" -g RG done
# PowerShell version
$apps = az webapp list -g RG --query "[].name" -o tsv
foreach ($app in $apps) {
Write-Host "Processing $app"
az webapp show -n $app -g RG
}
Check If Resource Exists
# Bash version if az webapp show -n APP -g RG &>/dev/null; then echo "App exists" else echo "App does not exist" fi
# PowerShell version
$result = az webapp show -n APP -g RG 2>$null
if ($LASTEXITCODE -eq 0) {
Write-Host "App exists"
} else {
Write-Host "App does not exist"
}
Wait for Operation
# Bash version az webapp create ... --no-wait az webapp wait --name APP -g RG --created
# PowerShell version az webapp create ... --no-wait az webapp wait --name APP -g RG --created
Error Handling
Suppress Errors
# Bash version az resource show --ids ID 2>/dev/null || echo "Not found"
# PowerShell version
$result = az resource show --ids ID 2>$null
if (-not $result) { Write-Host "Not found" }
Check Exit Code
# Bash version if az webapp show -n APP -g RG; then echo "Success" else echo "Failed with code $?" fi
# PowerShell version
az webapp show -n APP -g RG
if ($LASTEXITCODE -eq 0) {
Write-Host "Success"
} else {
Write-Host "Failed with code $LASTEXITCODE"
}
Configuration
View Config
az config get
Set Defaults
az config set defaults.group=myRG az config set defaults.location=eastus
Disable Telemetry
az config set core.collect_telemetry=false
Extensions
List Extensions
az extension list
Add Extension
az extension add --name extension-name
Update Extensions
az extension update --name extension-name
Performance Tips
- •Use
--no-waitfor long operations - •Use
--queryto reduce output size - •Use TSV output for parsing
- •Cache results when querying multiple times
- •Use resource IDs instead of name lookups
Common Issues
Command Not Found
# Update CLI az upgrade # Or reinstall curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash
Authentication Expired
az login --use-device-code
Permission Denied
Check RBAC roles:
az role assignment list --assignee USER@domain.com