Blog Post

Microsoft Defender XDR Blog

3 MIN READ

Discover and protect Service Accounts with Microsoft Defender for Identity

AVIVKOREN

Microsoft

Mar 24, 2025

Microsoft Defender for Identity has announced the public preview of a new service account discovery module that automatically identifies and classifies service accounts in Active Directory.

When people think about “identities” many default to the human variety – a user with a username and password. But by most estimates, human identities are outnumbered more than 10:1 by their non-human...

Updated Mar 20, 2025

Version 1.0

microsoft defender for identity

microsoft defender xdr

AVIVKOREN

Microsoft

Joined March 19, 2025

View Profile

Microsoft Defender XDR Blog

Follow this blog board to get notified when there's new activity

prakashjha

Brass Contributor

Mar 26, 2025

This new feature in MDI is fantastic, thank you! Regarding service account discovery, we've noticed that our custom (non-gMSA/sMSA) service accounts aren't all being detected. Could you please provide information on how we can configure MDI to recognize these? Additionally, understanding the criteria MDI uses to classify an account as a service account would be very helpful.

Dusty
Copper Contributor
Apr 01, 2025
To be detected as a user type service account, two factors must be true:
It must have "Password never expires"
AND
It must have a SPN (Service Principal Name)
- MSuser1
  Copper Contributor
  Apr 03, 2025
  We have lots of serviceaccounts that don’t have a SPN configured. All our service accounts are stored in 3 different OU:s in Active Directory. It would be nice if we could add a list of distinguishedName to the OU:s, so all account in those location would be tagged as service accounts.
  
  So if “password = never expires” and “OU location = true” then add to list as ServiceAccount
  - RickardD
    Copper Contributor
    Apr 14, 2025
    Same here.
    
    We would like som custom filters for defining Service Accounts, either path (OU) or name standards, ie "cn=AS.*".