- Domain 2 Overview: What "Source Control Strategy" Really Means
- Designing a Repository Strategy: Monorepo vs. Multi-Repo
- Branching Models You Must Know Cold
- Branch Policies, Protection Rules, and Pull Request Gates
- Managing Large Files and Oversized Repositories
- Migrating Source Control: TFVC, SVN, and GitHub Import
- Authentication, Permissions, and Repository Security
- Where Domain 2 Fits Into Your Overall AZ-400 Study Plan
- A Two-Week Focus Plan for Domain 2
- FAQ: AZ-400 Source Control Strategy
- Domain 2 is worth 10-15% of AZ-400, smaller than build/release but still a guaranteed scoring block.
- Expect scenario questions comparing monorepo vs. multi-repo and trunk-based vs. GitFlow branching.
- Branch policies, PR approval rules, and Git-LFS/submodule use are the most testable technical details.
- TFVC-to-Git migration and GitHub import scenarios show up as case-study material, not just trivia.
Domain 2 Overview: What "Source Control Strategy" Really Means
Domain 2, "Design and implement a source control strategy," sits at 10-15% of the AZ-400 exam. That's a modest slice compared to the dominant Domain 3 (build and release pipelines) at 50-55%, but 10-15% still translates into enough questions to swing your scaled score above or below the 700 passing mark. If you're mapping out where this domain sits relative to the others, the AZ-400 Exam Domains 2026 guide breaks down all five content areas side by side.
Microsoft doesn't test source control as a trivia exercise about Git commands. It tests your ability to design a strategy - meaning you're expected to reason through trade-offs: which branching model fits a given team size, how to enforce quality gates before code merges, how to migrate legacy version control without losing history, and how to secure repositories against unauthorized changes. Expect scenario-based items, drag-and-drop sequencing of migration steps, and case studies describing a company's current repo setup with a question asking what you'd change.
Designing a Repository Strategy: Monorepo vs. Multi-Repo
One of the first design decisions AZ-400 expects you to evaluate is repository structure. A monorepo houses multiple services or projects in a single Git repository; a multi-repo approach splits each service into its own repository. Both are legitimate, and the exam wants you to know the trade-offs rather than pick a "correct" answer universally.
Monorepo Considerations
Candidates should understand when a single repository benefits a team.
- Simplifies cross-project dependency management and atomic commits across services
- Requires strong branch policies to prevent one team's changes from breaking another's build
- Can create scaling issues with Git performance as history and file count grow
Multi-Repo Considerations
Candidates should understand when separate repositories are the better design.
- Isolates ownership and access control per team or microservice
- Requires versioned package references (NuGet, npm) to share code between repos
- Complicates coordinated releases that span multiple repositories
Expect the exam to present a scenario - say, five independent microservice teams with separate release cadences - and ask you to recommend a repository structure and justify it with a supporting Azure DevOps or GitHub configuration.
Branching Models You Must Know Cold
You need working knowledge of at least three branching approaches: trunk-based development, GitFlow, and GitHub flow (feature branching with pull requests). AZ-400 will describe a team's release cadence, team size, and risk tolerance, then ask which model - and which supporting configuration - fits.
- Trunk-based development: Short-lived feature branches merge frequently into main; favored for continuous delivery and small, fast-moving teams.
- GitFlow: Uses develop, feature, release, and hotfix branches; better suited to scheduled releases and products with long-lived version support.
- GitHub flow: Simplified feature-branch-and-PR model without a dedicated develop branch; common in open-source and SaaS teams shipping continuously.
| Model | Best Fit | Merge Frequency | Release Pattern |
|---|---|---|---|
| Trunk-Based | Small, high-velocity teams | Multiple times daily | Continuous deployment |
| GitFlow | Products with parallel version support | Periodic, batched | Scheduled releases, hotfixes |
| GitHub Flow | SaaS, open-source, feature-branch teams | Per pull request | Continuous or on-demand |
Key Takeaway
Memorize the trigger words in each scenario: "multiple supported versions" points to GitFlow, "deploy multiple times a day" points to trunk-based, and "feature branches with pull request review" points to GitHub flow.
Branch Policies, Protection Rules, and Pull Request Gates
Once you've chosen a branching model, AZ-400 expects you to enforce it through configuration. In Azure Repos this means branch policies; in GitHub it means branch protection rules. Know the specific settings each platform exposes:
- Requiring a minimum number of reviewers before a pull request can complete
- Requiring successful build validation (linked pipeline) before merge
- Blocking direct pushes to protected branches like main or release
- Requiring linked work items for traceability
- Enforcing comment resolution before completion
- Status checks and required checks in GitHub branch protection rules
Questions here are often practical: given a described incident (a broken build merged without review), identify the missing policy. This is exam-style pattern recognition, not memorization of menu paths.
Managing Large Files and Oversized Repositories
A recurring Domain 2 topic is handling repositories that have grown too large or contain binary assets that don't belong in standard Git history. You should be able to explain and choose between:
- Git Large File Storage (Git-LFS): Stores large binary files as pointers, reducing repository clone size and improving performance.
- Git submodules: References an external repository as a subdirectory, useful for shared libraries maintained independently.
- Git subtree: An alternative to submodules that merges another repository's history directly, avoiding the extra checkout step submodules require.
- Shallow clones and sparse checkout: Techniques to reduce clone time and working directory size on very large repositories, especially relevant in CI agents.
Expect a scenario describing slow pipeline checkout times or oversized .git folders, followed by a question asking which remediation to apply - this is a classic Domain 2 and Domain 3 crossover point, since large-repo issues directly affect pipeline performance covered in Domain 3: build and release pipelines.
Migrating Source Control: TFVC, SVN, and GitHub Import
Because many enterprises running AZ-400-relevant Azure DevOps environments still have legacy Team Foundation Version Control (TFVC) history, migration scenarios are fair game. Know the practical migration path:
- Assess the existing TFVC or SVN repository structure and branch history depth needed post-migration
- Use conversion tooling (such as git-tfs) or Azure DevOps's built-in import repository feature to bring history into Git
- Validate history integrity and file permissions after conversion
- Update build pipelines, work item links, and branch policies to reference the new Git repository
- Decommission or archive the legacy repository per organizational retention policy
GitHub import scenarios follow a similar pattern: importing an external Git repository into GitHub via the GitHub Importer, then reconfiguring branch protection and Actions workflows to match the target environment. The exam tends to test sequencing - putting these migration steps in the correct order via drag-and-drop or build-list item types.
Authentication, Permissions, and Repository Security
Source control strategy isn't complete without access control. AZ-400 expects familiarity with:
- Azure DevOps security groups and repository-level permissions (Contribute, Force Push, Bypass Policies)
- Personal access tokens (PATs) and their scoping for automation and service accounts
- SSH key and OAuth-based authentication for Git operations
- GitHub organization roles, teams, and CODEOWNERS files for enforcing review ownership
- Restricting who can bypass branch policies - a frequent point of failure in real-world audits and a favorite exam distractor
This overlaps with the security and compliance material tested more heavily in Domain 4: security and compliance plan, so treat repository access control as a bridge topic between domains rather than something you study once and forget.
Where Domain 2 Fits Into Your Overall AZ-400 Study Plan
Because Domain 2 carries the same 10-15% weight as Domain 1 (processes and communications) and Domain 4 (security and compliance), it's tempting to under-allocate time here in favor of the much larger Domain 3. That instinct is partly right - Domain 3 deserves the largest share of your prep - but Domain 2 concepts (branch policies, repo migration, access control) resurface inside Domain 3 pipeline scenarios and Domain 4 compliance scenarios. Skipping it weakens your performance across the exam, not just on Domain 2 questions.
If you haven't yet built a full study roadmap across all five domains, start with the AZ-400 Study Guide 2026 for a first-attempt-focused plan, and pair it with the Domain 1 study guide since process and source control decisions are usually made together in real DevOps teams.
A Two-Week Focus Plan for Domain 2
Given Domain 2's weight, two focused weeks - layered on top of your broader multi-domain schedule - is usually enough if you already have hands-on Azure DevOps or GitHub experience. Adjust based on how much production repository work you've actually done.
Branching and Repository Design
- Configure a repo in Azure Repos and a mirrored one in GitHub; compare branch protection settings side by side
- Practice describing trunk-based, GitFlow, and GitHub flow scenarios out loud in your own words
- Set up branch policies requiring reviewers, build validation, and linked work items
Migration, Large Files, and Access Control
- Walk through a TFVC-to-Git migration checklist end to end, including pipeline reconfiguration
- Set up Git-LFS on a test repo and observe the difference in clone size and pointer files
- Review Azure DevOps security groups and GitHub CODEOWNERS syntax until you can write both from memory
Once you've closed this domain, use practice questions to confirm retention before moving to Domain 3. The full-length simulations on our AZ-400 practice test platform mix Domain 2 items with the other four domains so you get realistic, blended exposure rather than isolated drills.
Key Takeaway
Don't study Domain 2 in isolation right before the exam. Interleave it with Domain 3 and Domain 4 review sessions so you recognize crossover scenarios instead of getting caught off guard.
Who Actually Uses This Domain on the Job
Source control strategy design isn't an academic exercise - it's daily work for DevOps engineers, release managers, and platform engineers who own repository governance across an organization. Employers hiring for roles tied to this certification expect candidates to have already administered or developed in Azure and implemented GitHub or Azure DevOps solutions, per Microsoft's stated prerequisites. If you're evaluating whether this cert translates into hiring demand, the AZ-400 Jobs overview and the AZ-400 Salary Guide 2026 cover what employers list in job postings tied to this credential, and Is the AZ-400 Certification Worth It? weighs the return on the study time against career impact.
Remember, AZ-400 alone doesn't grant the Microsoft Certified: DevOps Engineer Expert title - you also need Microsoft Certified: Azure Administrator Associate or Azure Developer Associate first. If you're still confirming your prerequisite path, the AZ-400 Certification overview and What Is AZ-400 Certification? pages walk through eligibility before you schedule anything through Pearson VUE.
How Domain 2 Compares in Difficulty to the Rest of the Exam
Candidates often assume the smaller domains are "easier" simply because they carry less weight. In practice, Domain 2 questions are conceptually dense - a single scenario can require you to reason about branching strategy, policy enforcement, and migration sequencing all at once. If you want a broader sense of where the exam's difficulty actually concentrates, How Hard Is the AZ-400 Exam? and AZ-400 Pass Rate 2026: What the Data Shows give useful context on how domains like this one factor into overall exam difficulty, and structured AZ-400 Training resources can accelerate the hands-on repetitions this domain rewards.
Because Microsoft reports results as a scaled score against a 700 passing threshold rather than a raw percentage, you can't assume a weak Domain 2 performance will be fully offset by a strong Domain 3 score. Treat every domain, including this one, as a must-pass section on its own terms. For a full breakdown of how all five domains interact and where to prioritize your remaining study time, revisit the AZ-400 Exam Domains 2026 guide before your next practice session on our practice test platform.
FAQ: AZ-400 Source Control Strategy
Microsoft doesn't publish an exact question count for AZ-400, but Domain 2 represents 10-15% of the overall exam weighting, so expect a proportional share of scenario-based and case-study items focused on branching, repository design, and migration.
Both. Microsoft expects candidates to implement GitHub and Azure DevOps solutions, so Domain 2 questions can reference branch protection rules in GitHub just as often as branch policies in Azure Repos.
Hands-on experience helps significantly, but if you can't practice a live migration, walk through the conceptual steps - assessment, conversion, validation, pipeline reconfiguration, decommissioning - until you can sequence them without hesitation.
All three carry the same 10-15% weight, so none is inherently "harder" by design. Difficulty depends on your prior hands-on experience with Git workflows versus process design or security tooling.
Yes. Branch policies and access control resurface in Domain 3 pipeline scenarios and Domain 4 compliance scenarios, so mastering source control strategy pays off beyond its own 10-15% weighting.
- AZ-400 Domain 1: Design and implement processes and communications (10-15%) - Complete Study Guide 2026
- AZ-400 Domain 3: Design and implement build and release pipelines (50-55%) - Complete Study Guide 2026
- AZ-400 Domain 4: Develop a security and compliance plan (10-15%) - Complete Study Guide 2026
- AZ-400 Exam Domains 2026: Complete Guide to All 5 Content Areas