Terraform_data and runnung sqlcmd

Hi,
out of my terraform confiugration, I want to configure soem user on an Azure SQL Database

the command sqlcmd -S my-sql-server.database.windows.net -d master -U %ARM_CLIENT_ID%@%ARM_TENANT_ID% -P %ARM_CLIENT_SECRET% -Q "CREATE LOGIN [awi-d-mil-weu-svc0000] FROM EXTERNAL PROVIDER;" --authentication-method ActiveDirectoryServicePrincipal works fine, if I’m running it manually in my cmd shell on windows.

When executing it in a local-exec provisioner inside my terraform_data block

  provisioner "local-exec" {
    command = <<-EOT
    sqlcmd -S ${module.mssqlsrv[0].fully_qualified_domain_name} -d master -U %ARM_CLIENT_ID%@%ARM_TENANT_ID% -P %ARM_CLIENT_SECRET% -Q "CREATE LOGIN [${each.value.awi_name}] FROM EXTERNAL PROVIDER;" --authentication-method ActiveDirectoryServicePrincipal
    EOT
    working_dir = "c:/tools/"
  }

it fails. it my be the reason because the exceuted command looks a littly bit differen

["cmd" "/C" "sqlcmd -S my-sql-server.database.windows.net -d master -U %ARM_CLIENT_ID%@%ARM_TENANT_ID% -P %ARM_CLIENT_SECRET% -Q \"CREATE LOGIN [awi-d-mil-weu-svc0000] FROM EXTERNAL PROVIDER;\" --authentication-method ActiveDirectoryServicePrincipal\r\n"]

What I’m doing wrong?
Many thanks
Joerg