Make the updates as suggested by the PMs, performed freshness pass as well.

Author: Akhilesh-microsoft

articles/container-apps/tutorial-ci-cd-runners-jobs.md

@@ -6,7 +6,7 @@ author: craigshoemaker
 ms.service: azure-container-apps
 ms.custom: devx-track-azurecli
 ms.topic: conceptual
-ms.date: 02/10/2025
+ms.date: 02/20/2025
 ms.author: cshoe
 zone_pivot_groups: container-apps-jobs-self-hosted-ci-cd
 ---
@@ -15,13 +15,6 @@ zone_pivot_groups: container-apps-jobs-self-hosted-ci-cd
 
 GitHub Actions and Azure Pipelines allow you to run CI/CD workflows with self-hosted runners and agents. You can run self-hosted runners and agents using event-driven Azure Container Apps [jobs](./jobs.md).
 
-## Managing Personal Access Tokens (PAT)
-
-As each container registers itself as a one-time agent, managing the configured PAT can be challenging. At some point, the PAT expires, and agents can't register. From an automation perspective, using Azure Pipelines to create the agents with a PAT requires personal intervention.
-
-> [!NOTE]
-> A job access token makes more sense in this scenario. Designed for automated workflows, job access tokens help avoid manual intervention when the PAT expires.
-
 Self-hosted runners are useful when you need to run workflows that require access to local resources or tools that aren't available to a cloud-hosted runner. For example, a self-hosted runner in a Container Apps job allows your workflow to access resources inside the job's virtual network that isn't accessible to a cloud-hosted runner.
 
 Running self-hosted runners as event-driven jobs allows you to take advantage of the serverless nature of Azure Container Apps. Jobs execute automatically when a workflow is triggered and exit when the job completes.
@@ -42,6 +35,9 @@ In this tutorial, you learn how to run GitHub Actions runners as an [event-drive
 > [!IMPORTANT]
 > Self-hosted runners are only recommended for *private* repositories. Using them with public repositories can allow dangerous code to execute on your self-hosted runner. For more information, see [Self-hosted runner security](https://docs.github.com/en/actions/hosting-your-own-runners/managing-self-hosted-runners/about-self-hosted-runners#self-hosted-runner-security).
 
+> [!NOTE]
+> The personal access token (PAT) has an expiration date. It's the customer's responsibility to ensure that the PAT is regularly rotated and isn't expired. Monitor and update your PAT accordingly to maintain uninterrupted services.
+
 ::: zone-end
 
 ::: zone pivot="container-apps-jobs-self-hosted-ci-cd-azure-pipelines"
@@ -59,6 +55,9 @@ In this tutorial, you learn how to run Azure Pipelines agents as an [event-drive
 > [!IMPORTANT]
 > Self-hosted agents are only recommended for *private* projects. Using them with public projects can allow dangerous code to execute on your self-hosted agent. For more information, see [Self-hosted agent security](/azure/devops/pipelines/agents/linux-agent#permissions).
 
+> [!NOTE]
+> The personal access token (PAT) has an expiration date. It's the customer's responsibility to ensure that the PAT is regularly rotated and isn't expired. Monitor and update your PAT accordingly to maintain uninterrupted services.
+
 ::: zone-end
 
 > [!NOTE]
@@ -981,7 +980,7 @@ Once a self-hosted agent job is configured, you can run a pipeline and verify it
 Once you're done, run the following command to delete the resource group that contains your Container Apps resources.
 
 >[!CAUTION]
-> The following command deletes the specified resource group and all resources contained within it. If resources outside the scope of this tutorial exist in the specified resource group, they'll also be deleted.
+> The following command deletes the specified resource group and all resources contained within it. If resources outside the scope of this tutorial exist in the specified resource group, they're also deleted.
 
 # [Bash](#tab/bash)
 ```bash