Microsoft Defender for Identity has announced the public preview of a new service account discovery module that automatically identifies and classifies service accounts in Active Directory.
Updated Mar 20, 2025
Version 1.0

To be detected as a user type service account, two factors must be true:
It must have "Password never expires"
AND
It must have a SPN (Service Principal Name)
We have lots of service accounts that don’t have a SPN configured. All our service accounts are stored in 3 different OUs in Active Directory. It would be nice if we could add a list of distinguishedNames for those OUs, so all accounts in those locations would be tagged as service accounts.
So if “password = never expires” and “OU location = true” then add to list as ServiceAccount
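The two classification rules discussed above (the documented "password never expires AND has a SPN" rule, and the requested "password never expires AND lives under one of the listed OUs" rule), worked through as an added example. This is not Defender for Identity's own logic and not code from the commenter; it runs over a handful of constructed user records instead of a live directory, and the account names, SPNs and OU distinguishedNames are made up. The `userAccountControl` bit it checks (`0x10000`, DONT_EXPIRE_PASSWD) is the real flag Active Directory sets for "Password never expires", and the DN suffix match deliberately includes child OUs of each listed OU, so an account in `OU=Batch,OU=ServiceAccounts,...` is tagged too. In practice the records would come from `Get-ADUser -Properties userAccountControl,servicePrincipalName` or an LDAP search.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Real Active Directory userAccountControl bit for "Password never expires".
UF_DONT_EXPIRE_PASSWD = 0x10000


@dataclass
class AdUser:
    """Minimal view of an AD user object (the attributes the two rules need)."""
    sam_account_name: str
    distinguished_name: str
    user_account_control: int
    service_principal_names: List[str] = field(default_factory=list)


def password_never_expires(user: AdUser) -> bool:
    """Rule precondition shared by both rules: the DONT_EXPIRE_PASSWD bit is set."""
    return bool(user.user_account_control & UF_DONT_EXPIRE_PASSWD)


def in_any_ou(dn: str, ou_dns: List[str]) -> bool:
    """True if the object's DN sits directly in, or anywhere below, one of the OUs.

    DN comparison is case-insensitive; the leading comma prevents a partial
    RDN match (e.g. OU=ServiceAccounts2 must not match OU=ServiceAccounts).
    """
    dn_l = dn.lower()
    return any(dn_l.endswith("," + ou.lower()) for ou in ou_dns)


def classify(user: AdUser, service_ous: List[str]) -> Optional[str]:
    """Return which rule tagged the account ("spn" or "ou"), or None if neither."""
    if not password_never_expires(user):
        return None
    if user.service_principal_names:          # documented rule: SPN present
        return "spn"
    if in_any_ou(user.distinguished_name, service_ous):  # requested rule: OU location
        return "ou"
    return None


def discover_service_accounts(users: List[AdUser], service_ous: List[str]) -> Dict[str, str]:
    """Map sAMAccountName -> rule for every account classified as a service account."""
    result = {}
    for user in users:
        rule = classify(user, service_ous)
        if rule is not None:
            result[user.sam_account_name] = rule
    return result


# Constructed sample directory (hypothetical domain corp.example); 0x200 is
# NORMAL_ACCOUNT, 0x10200 is NORMAL_ACCOUNT with "Password never expires".
SERVICE_OUS = [
    "OU=ServiceAccounts,DC=corp,DC=example",
    "OU=SQL Service Accounts,DC=corp,DC=example",
]

SAMPLE_USERS = [
    # Has a SPN and never-expiring password: caught by the documented rule.
    AdUser("svc-sql", "CN=svc-sql,OU=Servers,DC=corp,DC=example", 0x10200,
           ["MSSQLSvc/sql01.corp.example:1433"]),
    # No SPN, but stored in a child OU of a listed service-account OU.
    AdUser("svc-backup", "CN=svc-backup,OU=Batch,OU=ServiceAccounts,DC=corp,DC=example", 0x10200),
    # Never-expiring password, no SPN, ordinary user OU: not a service account.
    AdUser("jdoe", "CN=jdoe,OU=Users,DC=corp,DC=example", 0x10200),
    # Right OU, but password expires: fails the precondition of both rules.
    AdUser("svc-legacy", "CN=svc-legacy,OU=ServiceAccounts,DC=corp,DC=example", 0x200),
    # Similar-looking OU name that must not match by prefix.
    AdUser("svc-other", "CN=svc-other,OU=ServiceAccounts2,DC=corp,DC=example", 0x10200),
]


if __name__ == "__main__":
    for name, rule in discover_service_accounts(SAMPLE_USERS, SERVICE_OUS).items():
        print(f"{name}: service account (rule: {rule})")
```

Running it tags `svc-sql` via the SPN rule and `svc-backup` via the OU rule, while `jdoe`, `svc-legacy` and `svc-other` stay untagged. Keeping the OU list as plain DNs makes the requested behaviour a configuration change rather than a per-account attribute edit, which is the point of the request.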