This repository has been archived by the owner on Sep 12, 2023. It is now read-only.

Avoid manual processes if there is a code process available #221

Open · Commochief opened this issue Dec 14, 2022 · 0 comments

Commochief commented Dec 14, 2022

Describe the bug
Working through the Demo 1 - during the module Part 5: Deploy Kubernetes Workload you ask the learner to open the portal and do some actions. These actions can and should be code. I feel like you are breaking your own rules/suggestions by having the learner open the portal to do a manual task.

Az CLI Create AzureAD Group - https://learn.microsoft.com/en-us/cli/azure/ad/group?view=azure-cli-latest#az-ad-group-create
Az CLI Create AzureAD SPN - https://learn.microsoft.com/en-us/cli/azure/ad/sp?view=azure-cli-latest#az-ad-sp-create-for-rbac

Expected behavior

Example Az CLI to create AAD Group:

```
PS C:\Users\joshuastaley> az ad group create --display-name "K8S Cluster Administrators" --description "Administrators of Kubernetes Clusters" --mail-nickname "K8SClusterAdministrators"
{
  "deletionTimestamp": null,
  "description": "Administrators of Kubernetes Clusters",
  "dirSyncEnabled": null,
  "displayName": "K8S Cluster Administrators",
  "lastDirSyncTime": null,
  "mail": null,
  "mailEnabled": false,
  "mailNickname": "K8SClusterAdministrators",
  "objectId": "XXXXXX-XXXXXX-85c4-861f1fad5f45",
  "objectType": "Group",
  "odata.metadata": "https://graph.microsoftazure.us/XXXXXX-XXXXXX-af54-603a8d840878/$metadata#directoryObjects/@Element",
  "odata.type": "Microsoft.DirectoryServices.Group",
  "onPremisesDomainName": null,
  "onPremisesNetBiosName": null,
  "onPremisesSamAccountName": null,
  "onPremisesSecurityIdentifier": null,
  "provisioningErrors": [],
  "proxyAddresses": [],
  "securityEnabled": true
}
```

Example Az CLI creating an AzureAD Service Principal:

```
PS C:\Users\joshuastaley> az ad sp create-for-rbac -n ar-eastus-k8s-anoa-01
{
  "appId": "XXXXXX-XXXXXX-4781-95fe-3edf89fdebd4",
  "displayName": "ar-eastus-k8s-anoa-01",
  "name": "XXXXXX-XXXXXX-4781-95fe-3edf89fdebd4",
  "password": "XXXXXX-XXXXXX-XXXXX-XX6.D7AMq27GCj37q",
  "tenant": "XXXXXX-XXXXXX-457b-af54-603a8d840878"
}
```

Example PowerShell script to create an AAD SPN and put the secret info in a Key Vault for reference:

```powershell
$SubName           = (Get-AzContext).Subscription.Name
$AppName           = $SubName + "-Guacamole-SSO"
$openIDredirectURI = "$env:OPENIDREDIRECTURI"
$homepageuri       = "$env:HOMEPAGEURI"
$vaultname         = "$env:VAULTNAME"

# Only create the service principal if one with this display name does not already exist
If (!($sptest = Get-AzADServicePrincipal -DisplayName $AppName)) {
    $sp = New-AzADServicePrincipal -DisplayName $AppName
    # Give the directory time to replicate the new principal before it is used
    Start-Sleep 20
    $Tags = @{ 'Application ID' = $sp.ApplicationId; 'DisplayName' = $sp.DisplayName; 'ObjectID' = $sp.Id; 'TenantID' = (Get-AzContext).Tenant.Id }
    # Store the generated secret in Key Vault instead of printing it or saving it locally
    Set-AzKeyVaultSecret -VaultName $vaultname -Name $sp.DisplayName -SecretValue $sp.Secret -Tag $Tags
    $appid = (Get-AzADApplication -DisplayName $AppName).ApplicationId
    Update-AzADApplication -ApplicationId $appid -ReplyUrl $openIDredirectURI -HomePage $homepageuri

    # Add an owner to the application, addressed by its directory object URL
    $GraphEndpoint  = (Get-AzContext).Environment.GraphEndpointResourceId
    $TenantId       = (Get-AzContext).Tenant.Id
    $MemberObjectId = 'XXXXXX-XXXXXX-8f5c-60a63e614fa8'
    $Url = '{0}{1}/directoryObjects/{2}' -f $GraphEndpoint, $TenantId, $MemberObjectId
    $null = $PSBoundParameters.Remove("MemberObjectId")
    $null = $PSBoundParameters.Add("Url", $Url)
    Az.Resources\Add-AzADApplicationOwner @PSBoundParameters

    # Hand the application id to the pipeline (the secret stays in Key Vault)
    $env:OPENIDCLIENTID = $appid
    Write-Host "##vso[task.setvariable variable=ApplicationId;isOutput=true]$appid"
}
Else {
    # Reuse the existing service principal
    $appid = $sptest.ApplicationId
    $env:OPENIDCLIENTID = $appid
    Write-Host "##vso[task.setvariable variable=ApplicationId;isOutput=true]$appid"
}
```

Here is a link to a blog article about creating a Bicep module to do the App Registration creation: https://reginbald.medium.com/creating-app-registration-with-arm-bicep-b1d48a287abb

Link to information about deployment scripts: https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/deployment-script-template
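As an added example (written for this edit, not code from the issue author or the repository), the following Az PowerShell script does the whole Part 5 setup the issue asks to be scripted: the AAD security group, the service principal, the secret into Key Vault, and a scoped role assignment, all idempotently so it can be rerun from a pipeline. It assumes the Microsoft Graph based Az.Resources module (v5 or later), where the new service principal exposes `.AppId` and `.PasswordCredentials.SecretText`, and an existing Key Vault the caller can write secrets to. The group and principal names, the vault, the assignment scope and the role are placeholders chosen for illustration.

```powershell
#Requires -Modules Az.Accounts, Az.Resources, Az.KeyVault
<#
  Added example, not code from the issue author or the repository: an idempotent Az PowerShell
  version of the portal steps in Demo 1 Part 5. Assumes Az.Resources v5+ (Microsoft Graph based),
  so the service principal exposes .AppId and .PasswordCredentials.SecretText. Names, vault,
  scope and role are placeholders.
#>
[CmdletBinding()]
param(
    [string]$GroupName        = 'K8S Cluster Administrators',
    [string]$GroupDescription = 'Administrators of Kubernetes Clusters',
    [string]$SpnName          = 'ar-eastus-k8s-anoa-01',
    [Parameter(Mandatory)] [string]$VaultName,
    # Least privilege: assign at resource-group or cluster scope, not the whole subscription
    [Parameter(Mandatory)] [string]$AssignmentScope,
    [string]$RoleName         = 'Azure Kubernetes Service Cluster User Role',
    [int]$SecretLifetimeDays  = 90
)

$ErrorActionPreference = 'Stop'
$ctx = Get-AzContext
if (-not $ctx) { throw 'No Azure context; run Connect-AzAccount first.' }

# 1. Security group: reuse if it exists, otherwise create it (rerunning the script is safe).
$group = Get-AzADGroup -DisplayName $GroupName
if (-not $group) {
    $group = New-AzADGroup -DisplayName $GroupName `
                           -MailNickname ($GroupName -replace '[^A-Za-z0-9]', '') `
                           -Description $GroupDescription
}

# 2. Service principal: reuse if it exists. The generated secret is returned only once,
#    at creation time, so it is captured here and nowhere else.
$secretText = $null
$sp = Get-AzADServicePrincipal -DisplayName $SpnName
if (-not $sp) {
    $sp = New-AzADServicePrincipal -DisplayName $SpnName
    $secretText = $sp.PasswordCredentials.SecretText
}

# 3. Put the secret in Key Vault with an expiry and identifying tags. It is never written
#    to disk or to the console; consumers read it from the vault by name.
if ($secretText) {
    $tags = @{
        ApplicationId = [string]$sp.AppId
        ObjectId      = [string]$sp.Id
        TenantId      = [string]$ctx.Tenant.Id
    }
    $secure = ConvertTo-SecureString -String $secretText -AsPlainText -Force
    Set-AzKeyVaultSecret -VaultName $VaultName -Name $SpnName -SecretValue $secure `
                         -Expires (Get-Date).AddDays($SecretLifetimeDays) -Tag $tags | Out-Null
    $secretText = $null
}

# 4. Scoped role assignment. A just-created principal may not have replicated yet, so retry
#    on failure rather than relying on a fixed sleep.
$existing = Get-AzRoleAssignment -ObjectId $sp.Id -Scope $AssignmentScope -RoleDefinitionName $RoleName
if (-not $existing) {
    $attempt = 0
    while ($true) {
        try {
            New-AzRoleAssignment -ObjectId $sp.Id -RoleDefinitionName $RoleName -Scope $AssignmentScope | Out-Null
            break
        } catch {
            $attempt++
            if ($attempt -ge 6) { throw }
            Start-Sleep -Seconds 10
        }
    }
}

# 5. Emit identifiers only (never the secret) for a pipeline to consume, in the same
#    ##vso form the script in the issue uses.
Write-Host "##vso[task.setvariable variable=ApplicationId;isOutput=true]$($sp.AppId)"
Write-Host "##vso[task.setvariable variable=AdminGroupObjectId;isOutput=true]$($group.Id)"
[pscustomobject]@{
    GroupObjectId = $group.Id
    AppId         = $sp.AppId
    SecretName    = $SpnName
    Expires       = (Get-Date).AddDays($SecretLifetimeDays).ToString('u')
}
```

Run it as `.\New-K8sIdentity.ps1 -VaultName kv-anoa-01 -AssignmentScope "/subscriptions/<sub-id>/resourceGroups/<rg>"` after `Connect-AzAccount` (both values are placeholders). Two design points differ from the script in the issue: the role is assigned explicitly at a caller-chosen scope, because the Graph based `New-AzADServicePrincipal` no longer grants Contributor on the subscription and you should not want it to; and the secret is given an expiry in Key Vault at creation, so rotation is visible in the vault rather than discovered when the credential stops working.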
