The Blacks At Microsoft Academy or BAM Academy is an education program dedicated to delivering courses to minority groups in Microsoft technologies and computer sciences.

Our goal is to provide minorities the tools necessary to join the labor community worldwide, in companies such as Microsoft, which are always seeking new talent around the STEAM careers.

Our vision is to provide:

– Increase minority racial representation at Microsoft

– Inspire future generations to get involved in STEAM careers

– Empower minorities.

The academy was created by a group of volunteers just to teach the basics of cloud technology to a group of students. With the support of Microsoft, it has grown organically and through the incorporation of more volunteers of other technologies, we were able to build a robust platform that includes our own education tenant and many services such as Microsoft Community Training, Office 365 and Azure AD. Over the years, BAM Academy has seen not only its curricula grow, but also its cloud presence with many workloads to support over 3000 students. Today, BAM Academy has over 40 services in its cloud platform that are maintained by a group of volunteers.

Your mission

The Minihack challenges are part of the training offered by the academy and it was designed with a couple of scenarios where you will be part of the IT team of the BAM Academy for a day. The intention is that you deploy multiple workloads based on the requirements from the CTO of the educations institution.

**Your mission, should you accept it, is to help your team to deploy the workloads to comply with the business requirements and successfully implement multiple workloads.**

The success of your team depends on your ability to perform those tasks.

Architecture

The environment is composed of:

An office 365 tenant for education
Azure platform
- 2 Azure subscriptions
- Azure AD Domain Services
- Windows Virtual Desktop
- Azure Front Door
A an onpremise environment with Active Directory running
Microsoft Community Training – LMS (Blacks At Microsoft Academy (bam-academy.com))

The following schema shows the overall architecture:

Glossary

Account

An account that's used to access and manage an Azure subscription. It's often referred to as an Azure account although an account can be any of these: an existing work, school, or personal Microsoft account. You can also create an account to manage an Azure subscription when you sign up for the free trial.
See Sign up for an Azure subscription with your Microsoft 365 account and Accounts you can use to sign in.

API app

Another name for App Service app.

App Service app

The compute resources that Azure App Service provides for hosting a website or web application, web API, or mobile app backend. App Service apps are also referred to as App Services, web apps, API apps, and mobile apps.

Availability set

A collection of virtual machines that are managed together to provide application redundancy and reliability. The use of an availability set ensures that during either a planned or unplanned maintenance event at least one virtual machine is available.
See Manage the availability of Windows virtual machines and Manage the availability of Linux virtual machines

Azure classic deployment model

One of two deployment models used to deploy resources in Azure (the new model is Azure Resource Manager). Some Azure services support only the Resource Manager deployment model, some support only the classic deployment model, and some support both. The documentation for each Azure service specifies which model(s) they support.

Azure CLI

A command-line interface for managing Azure resources from Windows, macOS, and Linux environments. Some services or service features can be managed only via PowerShell or the CLI. See Azure CLI

Azure PowerShell

A command-line interface to manage Azure services via a command line from Windows PCs. Some services or service features can be managed only via PowerShell or the CLI. See How to install and configure Azure PowerShell

Azure Resource Manager deployment model

One of two deployment models used to deploy resources in Microsoft Azure (the other is the classic deployment model). Some Azure services support only the Resource Manager deployment model, some support only the classic deployment model, and some support both. The documentation for each Azure service specifies which model(s) they support.

Fault domain

The collection of virtual machines in an availability set that can possibly fail at the same time. An example is a group of machines in a rack that share a common power source and network switch. In Azure, the virtual machines in an availability set are automatically separated across multiple fault domains.
See Manage the availability of Windows virtual machines or Manage the availability of Linux virtual machines

Geo

A defined boundary for data residency that typically contains two or more regions. The boundaries may be within or beyond national borders and are influenced by tax regulation. Every geo has at least one region. Examples of geos are Asia Pacific and Japan. Also called geography.
See Azure Regions

Geo-replication

The process of automatically replicating content such as blobs, tables, and queues within a regional pair.
See Active Geo-Replication for Azure SQL Database

Image

A file that contains the operating system and application configuration that can be used to create any number of virtual machines. In Azure there are two types of images: VM image and OS image. A VM image includes an operating system and all disks attached to a virtual machine when the image is created. An OS image contains only a generalized operating system with no data disk configurations.
See Navigate and select Windows virtual machine images in Azure with PowerShell or the CLI

Limits

The number of resources that can be created or the performance benchmark that can be achieved. Limits are typically associated with subscriptions, services, and offerings.
See Azure subscription and service limits, quotas, and constraints

Load balancer

A resource that distributes incoming traffic among computers in a network. In Azure, a load balancer distributes traffic to virtual machines defined in a load-balancer set. A load balancer can be internet-facing, or it can be internal.

Mobile app

Another name for App Service App.

Offer

The pricing, credits, and related terms applicable to an Azure subscription.
See the Azure offer details page

Portal

The secure web portal used to deploy and manage Azure services.

Region

An area within a geo that does not cross national borders and contains one or more datacenters. Pricing, regional services, and offer types are exposed at the region level. A region is typically paired with another region, which can be up to several hundred miles away. Regional pairs can be used as a mechanism for disaster recovery and high availability scenarios. Also referred to as location.
See Azure Regions

Resource

An item that is part of your Azure solution. Each Azure service enables you to deploy different types of resources, such as databases or virtual machines.
See Azure Resource Manager overview

Resource group

A container in Resource Manager that holds related resources for an application. The resource group can include all of the resources for an application, or only those resources that are logically grouped together. You can decide how you want to allocate resources to resource groups based on what makes the most sense for your organization.
See Azure Resource Manager overview

Resource Manager template

A JSON file that declaratively defines one or more Azure resources and that defines dependencies between the deployed resources. The template can be used to deploy the resources consistently and repeatedly.
See Authoring Azure Resource Manager templates

Resource provider

A service that supplies the resources you can deploy and manage through Resource Manager. Each resource provider offers operations for working with the resources that are deployed. Resource providers can be accessed through the Azure portal, Azure PowerShell, and several programming SDKs.
See Azure Resource Manager overview

Role

A means for controlling access that can be assigned to users, groups, and services. Roles are able to perform actions such as create, manage, and read on Azure resources.
See RBAC: Built-in roles

Service level agreement (SLA)

The agreement describes Microsoft's commitments for uptime and connectivity. Each Azure service has a specific SLA.
See Service Level Agreements

Shared access signature (SAS)

A signature that enables you to grant limited access to a resource, without exposing your account key. For example, Azure Storage uses SAS to grant clients access to objects such as blobs. IoT Hub uses SAS to grant devices permission to send telemetry.

Storage account

An account that gives you access to the Azure Blob, Queue, Table, and File services in Azure Storage. The storage account name defines the unique namespace for Azure Storage data objects.
See About Azure storage accounts

Subscription

A customer's agreement with Microsoft enables them to obtain Azure services. The subscription pricing and related terms are governed by the offer chosen for the subscription. See Microsoft Online Subscription Agreement and How Azure subscriptions are associated with Azure Active Directory

Tag

An indexing term that enables you to categorize resources according to your requirements for managing or billing. When you have a complex collection of resources, you can use tags to visualize those assets in the way that makes the most sense. For example, you could tag resources that serve a similar role in your organization or belong to the same department.
See Using tags to organize your Azure resources

Tenant

A tenant is a group of users or an organization that shares access with specific privileges to an instance of a product, service, or application. In Azure Active Directory a tenant is an instance of Azure Active Directory that an organization receives when it signs up for a cloud application like Microsoft 365. Each Azure AD tenant is distinct and separate from other Azure AD tenants. Multitenancy refers to an instance of an application shared by multiple organizations, each with separate access to the instance.

Update domain

The collection of virtual machines in an availability set that is updated at the same time. Virtual machines in the same update domain are restarted together during planned maintenance. Azure never restarts more than one update domain at a time. Also referred to as an upgrade domain.
See Manage the availability of Windows virtual machines and Manage the availability of Linux virtual machines

Virtual machine

The software implementation of a physical computer that runs an operating system. Multiple virtual machines can run simultaneously on the same hardware. In Azure, virtual machines are available in a variety of sizes.
See Virtual Machines documentation

Virtual machine extension

A resource that implements behaviors or features that either help other programs work or provide the ability for you to interact with a running computer. For example, you could use the VM Access extension to reset or modify remote access values on an Azure virtual machine.

See About virtual machine extensions and features (Windows) or About virtual machine extensions and features (Linux)

Virtual network

A network that provides connectivity between your Azure resources that is isolated from all other Azure tenants. An Azure VPN Gateway lets you establish connections between virtual networks and between a virtual network and an on-premises network. You can fully control the IP address blocks, DNS settings, security policies, and route tables within a virtual network.
See Virtual Network Overview

Web app

Another name for App Service App.