Az Cli Core on PowerShell Core – Escaping Parameters

If you are deploying Azure solutions, you face the requirement to do infrastructure as code to create repeatable, idempotent deployments.
These ideally should be parameterized and automated, e.g. using Azure DevopOps pipelines. AZ Cli Core can be a great asset here!
In contrast to ARM templates or Terraform scripts Az Cli Core scripts do not require a steep learning curve, because they look much more familiar to anybody who has ever written a batch script.
I also do appreciate the compactness and the easier handling, which helps a lot to reduce the otherwise steep learning curve into IaC.
In addition, as a developer, I feel much more at home working in a “real” programming/scripting environment, instead of wrapping my mind around JSON templates, which have program workflow assets bolted on as needed.

A few things to keep in mind are:

  • Run Az Cli / PowerShell Core scripts on Linux or IOS build machines – the Windows version is not idempotent!
  • Az Cli is quite new and a lot of commands are still in their early stages (experimental – as the product group calls it).
  • Not all Azure infrastructure areas are covered by Az Cli yet. – This can be mitigated by calling ARM Templates from the Cli script, if required. This is not ideal, but real life seldom is black and white. 🙂 The white areas are also shrinking fast!

One of the largest obstacles getting started with Az Cli Core in combination with PowerShell Core, well, at least to me, was the handling of parameters.
To get over this, it is good to understand that Az Cli Core is written in Python. Due to this, if you need to escape parameters, for example, if you want to install a script extension to a VM, one needs to use Python escape mechanisms not the PowerShell ones, because the Python code is on the receiving end.

az vm extension set -n VMAccessForLinux --publisher Microsoft.OSTCExtensions --version 1.4 \
--vm-name MyVm --resource-group MyResourceGroup \
--protected-settings '{"username":"user1", "ssh_key":"ssh_rsa …"}'

“–protected-settings” expects JSON input with quotation marks, which need to be escaped. And, as stated before, do not use the PowerShell escape tick ‘ , but this template for escaping.

Json escape sequence template for Az Cli

this would read for the sample –protected-settings:

'{\"username\":\"user1\", \"ssh_key\":\"ssh_rsa …\"}'

The backslash will help you out!

If the JSON input gets longer, doing this manually is quite tedious and I am going to show another technique using JSON parameter files in on of my upcoming posts, as well.
That one is also great to handle dynamic input.

Stay tuned. 🙂


Cloud News 2021 / Q1

The Wechsler Consulting Cloud News – 2021 / Q1 – episode tackles newest information originating from Microsoft Ignite 2021 around Azure and Azure IOT. Some very interesting changes regarding local/centralized computing as well as creators/innovators were announced.

Focus Topic this time is Azure IOT Device Update.
A long desired device management capability for Azure IOTHub.


Microsoft Ignite 2021
Decentralized Computing  / Empower creators innovators

Microsoft Mesh
Introducing Microsoft Mesh | Here can be anywhere.

Focus Topic
Azure IOT – Device Update
Introduction to Device Update for Azure IoT Hub | Microsoft Docs

Wechsler Consulting – Cloud Campus
Model your world – with Digital Twins!
Azure IOTHub – time to update endpoint filter

#WechslerConsultingCloudCampus #AzureIOT  #Azure

Model your world – with Digital Twins!

And I mean this literally. What if you can access your town, streets, places, building etc. digitally via a twin? Everything needs to be secure and privacy guaranteed, of course (yes, I am German/European :-)), but, would this not open a lot of possibilities for new solutions and business models?
One would be able to conquer the space around us and easily provide location-based services. Just add a little bit of augmented reality and/or smart screens and science-fiction like scenarios become possible.
Sounds good? Well, than this episode of the Channel 9 IOT Show is a must see for you:

If you also add a spoonful of IOT Plug & Play to the stew, things are really able to take off!

Have a great week

Azure IOTHub – time to update endpoint filter

There is a new and more secure IP-endpoint-filter out! The new one is more secure and the old one will be retired after a while. So, if you are using IOTHub in your solution, you need to upgrade!

Nevertheless, test the filter in your development environment, before rolling it out in production.
It should normally not have any negative effects, if you are using the endpoints in a standard way, but one only ever knows after trying it out.


Cloud News 2020 / 12

The Wechsler Consulting Cloud News – December 2020 – episode provides insights on the newest Azure IOT Central features, the latest additions of virtual network private endpoints for Azure Automation and IOTHub as well as the release of Event Hubs on Azure Stack, which all have reached global availability (GA) this month.

Focus Topic of this month are Azure Digital Twins. A new platform service providing sophisticated querying and management capabilities for comprehensive IOT solutions. All backed by great infrastructure and Tool support.

#WechslerConsultingCloudCampus #AzureIOT  #Azure

Azure Digital Twins reach Production

Azure Digital Twins are the virtual counterparts of systems, sensors or even complete factories in the real world.
The Digital-Twin concept has already around for a time and I have used it in several customer projects, to get a as-good-as real-time view on the state of complex systems. It comes with the additional benefit of having historical data, e.g. to follow up on errors, or predict the future with the help of machine learning algorithms. In addition, the ability to simulate and test possible future situations or different development scenarios with a close-to-reality model, cannot be overrated!

While these custom implementations are working great, it must be admitted that there is significant effort necessary to reach this goal.
Due to this, I consider Azure Digital Twins as the arrival of a game changing platform service for future IOT solutions. Azure Digital Twins save a lot of development effort, are very good integrated with other Azure IOT offerings such as IOTHub, IOT Central and build on IOT Plug & Play. This is taking the fast lane !
It is a powerful combination of services, which are going to revolutionize the way IOT solutions will be built in the coming years.
The good development story behind Twins is supported by great tools for visualizing and reporting. This is something often neglected by standard IOT approaches. Any neglection in this area is dangerous, because capable reporting and querying functionality is essential to run, maintain and evolve your solutions in field.

I predict the Azure Digital Twins will be seen quite often in upcoming solutions.


Cloud News 2020 / 11

The Wechsler Consulting Cloud News – November 2020 – episode talks about renewable energy in Azure data centers in Sweden, the newest feature in Azure IOT and very helpful addition to create Azure Active Directory B2C custom user journeys, which are intended to solve one of the major pain point of this service.

Highlight and Focus Topic of this month is Microsoft Pluton. A new hard- and software security solution derived from Xbox and Azure Sphere now entering the PC stage.

#WechslerConsultingCloudCampus #AzureIOT  #Azure

Azure Talk

Renewable energy in Sweden

AAD B2C – User Flows

IOT Plug and Play Bridge

Connect any IoT sensorto Azure | Internet of Things Show | Channel 9 (

Azure Sphere and Cellular Connectivity

Azure SphereCellular Connectivity | Internet of Things Show | Channel 9 (

Cellularconnectivity + Azure Sphere: securityboundaries – Microsoft Tech Community

New IOT Pricing

Focus Topic

Microsoft Pluton Processor

Meet the Microsoft Pluton processor – The securitychipdesigned for the futureof Windows PCs – Microsoft Security

Protect Azure Data Centers with Azure Sphere