Demystifying Managed Service Accounts: Unveiling Best Practices And Security Measures To Reduce Risk And Impact

Throughout the years, Microsoft has developed 3 different versions of Managed Service Accounts, and all with the goal of improving password security and management. While the first attempt of “Managed Service Accounts (MSAs)” (introduced in Windows Server 2008 R2) was a good start, it was very limited. The next reincarnation, “Group Managed Service Accounts (gMSAs)” (introduced in Windows Server 2012) removed the biggest limitation and allowed a gMSA to be used across multiple servers. While gMSAs were easier to adopt, there are still a few “gotchas”. An application must support the use of a gMSA and/or the migration of a regular service user account to a gMSA could be a (very) complex and cumbersome exercise. With the next reincarnation, “Delegated Managed Service Accounts (dMSAs)” (introduced in Windows Server 2025), removed the previously mentioned gotchas. No more gotchas to deal with. Right? Attend this session to learn more about how and when to use any of the MSA types, including any actions required to reduce risk and impact due to security issues during a Cyber Attack.