Hi @Raghu ,
Thanks for contacting Microsoft Q&A platform.
Tokens were introduced specifically for the purpose of repo scoped access control which other auth options don't share and at the moment. That is the only current solution that is supported for the purpose of offering repository scoped restricted access.
In your scenario the main limitation seems to be the usage of AAD identities with scope maps, currently it is limited to just token (user and pass) authentication. However, the other limitation that is mentioned in the document about the anonymous pull is not a limitation, and team will update the documentation accordingly.
Hope this helps.