Discover and protect Service Accounts with Microsoft Defender for Identity

AVIVKOREN

Microsoft

Mar 24, 2025

Microsoft Defender for Identity has announced the public preview of a new service account discovery module that automatically identifies and classifies service accounts in Active Directory.

When people think about “identities” many default to the human variety – a user with a username and password. But by most estimates, human identities are outnumbered more than 10:1 by their non-human...

Updated Mar 20, 2025

Version 1.0

microsoft defender for identity

microsoft defender xdr

AVIVKOREN

Microsoft

Joined March 19, 2025

View Profile

Microsoft Defender XDR Blog

Follow this blog board to get notified when there's new activity

Dusty

Copper Contributor

Apr 01, 2025

To be detected as a user type service account, two factors must be true:

It must have "Password never expires"

AND

It must have a SPN (Service Principal Name)

MSuser1

Copper Contributor

Apr 03, 2025

We have lots of serviceaccounts that don’t have a SPN configured. All our service accounts are stored in 3 different OU:s in Active Directory. It would be nice if we could add a list of distinguishedName to the OU:s, so all account in those location would be tagged as service accounts.

So if “password = never expires” and “OU location = true” then add to list as ServiceAccount

Blog Post

Discover and protect Service Accounts with Microsoft Defender for Identity

Microsoft Defender for Identity has announced the public preview of a new service account discovery module that automatically identifies and classifies service accounts in Active Directory.