AZ-400 – Question 82

You have an Azure DevOps organization named Contoso.

You need to recommend an authentication mechanism that meets the following requirements:
✑ Supports authentication from Git
✑ Minimizes the need to provide credentials during authentication

What should you recommend?

A. personal access tokens (PATs) in Azure DevOps
B. Alternate credentials in Azure DevOps
C. user accounts in Azure Active Directory (Azure AD)
D. managed identities in Azure Active Directory (Azure AD)
Correct Answer: A 
Personal access tokens (PATs) give you access to Azure DevOps and Team Foundation Server (TFS), without using your username and password directly.
These tokens have an expiration date from when they’re created. You can restrict the scope of the data they can access. Use PATs to authenticate if you don’t already have SSH keys set up on your system or if you need to restrict the permissions that are granted by the credential.
Incorrect Answers:
B: Azure DevOps no longer supports Alternate Credentials authentication since the beginning of March 2, 2020. If you’re still using Alternate Credentials, we
[Microsoft] strongly encourage you to switch to a more secure authentication method (for example, personal access tokens).