Simplifying gMSA for Windows Containers on AKS: Open-Source Tooling Now Available

We’re excited to announce that the Windows Containers AKS gMSA tooling is now publicly available on our GitHub repo (Microsoft/Windows-Containers-AKS-gMSA): Windows-Containers-AKS-gMSA.

This open-source repository provides tooling to simplify configuring Group Managed Service Accounts (gMSA) for Windows containers running on Azure Kubernetes Service (AKS)—making it easier to containerize and run Active Directory–dependent applications in Kubernetes. 

Many enterprises rely on Windows applications that integrate with Active Directory (AD) for authentication and authorization. As these workloads move to AKS using Windows containers, it’s critical that they continue to securely support AD‑based authentication. This tooling helps organizations modernize to containers while maintaining trusted identity and authorization workflows built on Active Directory. 

Who this is for 

This tooling is intended for: 

• Teams modernizing existing AD-dependent Windows applications 

• Customers running Windows containers on AKS who require Kerberos or Integrated Windows Authentication 

• Platform and infrastructure teams looking to standardize gMSA setup across environments 

• Anyone evaluating whether gMSA is the right fit for their Windows container scenarios 

If you’re running workloads that depend on Active Directory and want to bring them to AKS with minimal refactoring, this repository can serve as a starting point for validating gMSA in your environment. 

Why gMSA on AKS matters 

Windows containers are a natural fit for modernizing existing IIS, .NET Framework, and other AD-integrated applications with minimal code changes. However, containers themselves can’t be domain joined, which historically made AD authentication challenging in containerized environments. 

With gMSA support on AKS, Windows containers can securely authenticate to Active Directory without requiring domain-joined nodes, instead relying on the AKS host to perform authentication on the application’s behalf. This enables: 

• Secure AD authentication for Windows containers 

• Easier cluster scaling and upgrades 

• Reduced operational overhead compared to domain-joined node models with no changes to the AD infrastructure required 

While platform support exists, configuring gMSA on AKS still involves multiple moving parts—including AKS, Active Directory, Azure Key Vault, and credential specifications. This tooling is intended to help streamline that setup by reducing manual configuration across these components. 

What’s in the repository 

The Windows-Containers-AKS-gMSA repository provides a PowerShell module and supporting scripts designed to simplify the end-to-end setup of gMSA for Windows containers on AKS. 

Key highlights include: 

• A PowerShell module to help configure an AKS cluster for gMSA usage 

• Automation to reduce manual setup across Azure, AD, and AKS components 

• Documentation and troubleshooting guidance for prerequisites and common pitfalls 

• A trial/validation setup to help stand up a test environment for gMSA on AKS 

The goal is to lower the barrier to entry and make it easier for teams to experiment with—and ultimately adopt—gMSA for their Windows container workloads. 

Getting started 

To get started, visit the GitHub repository and review the README and documentation: 

https://github.com/microsoft/Windows-Containers-AKS-gMSA  

You’ll find: 

• Environment and prerequisite requirements 

• Instructions for importing and using the PowerShell module 

• Guidance for validating your setup in a non-production environment 

For the official documentation, please visit Use gMSA on Azure Kubernetes service in Windows containers | Microsoft Learn. 

Open source and community feedback 

By making this repository public, we’re inviting the community to explore, experiment, and provide feedback. While this tooling is designed to simplify setup, it’s important to review the documentation carefully and validate configurations in test environments before production use. 

We welcome issues and feedback, suggestions for improvements, and any contributions that help improve reliability, clarity, or usability. 

What’s next 

This release is part of our continued effort to improve the experience of running Windows containers on AKS—particularly for customers modernizing existing Windows Server workloads that depend on Active Directory. 

We look forward to hearing how you’re using gMSA on AKS and where we can continue to improve the setup and deployment experience.