Blog Post
Discover and protect Service Accounts with Microsoft Defender for Identity
This new feature in MDI is fantastic, thank you! Regarding service account discovery, we've noticed that our custom (non-gMSA/sMSA) service accounts aren't all being detected. Could you please provide information on how we can configure MDI to recognize these? Additionally, understanding the criteria MDI uses to classify an account as a service account would be very helpful.
- Dusty, Apr 01, 2025, Copper Contributor
To be detected as a user type service account, two factors must be true:
It must have "Password never expires"
AND
It must have a SPN (Service Principal Name)
- MSuser1, Apr 03, 2025, Copper Contributor
We have lots of service accounts that don’t have an SPN configured. All our service accounts are stored in 3 different OUs in Active Directory. It would be nice if we could add a list of distinguishedNames for the OUs, so all accounts in those locations would be tagged as service accounts.
So if “password = never expires” and “OU location = true” then add to list as ServiceAccount
- RickardD, Apr 14, 2025, Copper Contributor
Same here.
We would like some custom filters for defining Service Accounts, either path (OU) or name standards, i.e. "cn=AS.*".
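As an added example (not code from the thread, from Microsoft, or from MDI), the PowerShell below applies the two-factor rule stated earlier (password never expires AND an SPN) to every enabled user and then lists the accounts that sit in designated service-account OUs or match a naming pattern but would not be detected because they lack an SPN; the OU distinguished names and the name pattern are placeholder assumptions to replace with your own.

```powershell
# Requires the ActiveDirectory RSAT module and read access to the domain.
Import-Module ActiveDirectory

# Assumed placeholders: substitute your own service-account OUs and naming convention.
$ServiceAccountOUs = @(
    'OU=ServiceAccounts,OU=Tier1,DC=corp,DC=example',
    'OU=ServiceAccounts,OU=Tier2,DC=corp,DC=example'
)
$NamePattern = '^AS\.'   # mirrors the "cn=AS.*" convention mentioned in the thread

function Test-InServiceAccountOU {
    param([string]$DistinguishedName)
    foreach ($ou in $ServiceAccountOUs) {
        # A DN ends with its container's DN, so a suffix match places it under that OU.
        if ($DistinguishedName -like "*,$ou") { return $true }
    }
    return $false
}

$users = Get-ADUser -Filter 'Enabled -eq $true' `
    -Properties PasswordNeverExpires, ServicePrincipalName, DistinguishedName

$report = foreach ($u in $users) {
    $hasSpn = ($u.ServicePrincipalName).Count -gt 0
    $inOu   = Test-InServiceAccountOU -DistinguishedName $u.DistinguishedName
    $byName = $u.Name -match $NamePattern
    [pscustomobject]@{
        SamAccountName       = $u.SamAccountName
        PasswordNeverExpires = $u.PasswordNeverExpires
        HasSPN               = $hasSpn
        InServiceAccountOU   = $inOu
        MatchesNamePattern   = $byName
        # Classified as a service account under the rule stated in the thread.
        MdiDetected          = ($u.PasswordNeverExpires -and $hasSpn)
        # Looks like a service account by OU or name, but is missed for lack of an SPN.
        Gap                  = ($u.PasswordNeverExpires -and -not $hasSpn -and ($inOu -or $byName))
    }
}

# Accounts an administrator would want to review: service-account-like, but not detected.
$report | Where-Object Gap | Sort-Object SamAccountName |
    Format-Table SamAccountName, InServiceAccountOU, MatchesNamePattern -AutoSize
```

The full `$report` object can also be exported (for example with `Export-Csv`) to compare against the service accounts MDI actually lists.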