Forum Discussion
MDI & gMSA config
Hi,
We have followed the MDI Deployment guide from Microsoft: https://learn.microsoft.com/en-us/defender-for-identity/deploy/deploy-defender-identity
We have also cross referenced this guide: https://jeffreyappel.nl/how-to-implement-defender-for-identity-and-configure-all-prerequisites/
The MDI Portal shows the gMSA account.
The MDI agents are running fine and reporting to the MDI Portal.
However, when we look at Services.msc on the Domain Controllers, the MDI agent runs under the security context of "Local Service" and not the gMSA account.
Can anyone advise us on whether this is correct, or should we see the gMSA account in the Services.msc console? And what other config may be required to make it run under the gMSA account?
Thank you
SK
(screenshot below)
ShimKwan, this is by design.
The service should be running as Local Service.
We only use gMSA for specific outgoing connections like LDAP and SAMR (potentially using multiple creds).
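One way to verify the behaviour described in the reply above on a domain controller, as an added example that is not part of the thread or of Microsoft's documentation: it checks that the sensor service runs as Local Service and that this host can retrieve the gMSA's managed password (which is what the outgoing LDAP/SAMR queries depend on). The service name `AATPSensor` and the account name `mdiSvc01$` are assumptions to replace with your own values.

```powershell
# Added verification script (not from the thread or the MDI docs).
# Assumptions: the MDI sensor Windows service is named "AATPSensor" and the
# gMSA sAMAccountName is "mdiSvc01$"; both are placeholders for your environment.
# Run in an elevated PowerShell session on a domain controller running the sensor.
$SensorServiceName  = 'AATPSensor'   # assumption: MDI sensor service name
$GmsaSamAccountName = 'mdiSvc01$'    # placeholder: your gMSA sAMAccountName

Import-Module ActiveDirectory

# 1. The sensor service itself is expected to run as Local Service,
#    not as the gMSA, so a Local Service identity here is the healthy state.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$SensorServiceName'"
if (-not $svc) {
    Write-Warning "Service '$SensorServiceName' not found on this host."
    return
}
$expectedAccount = 'NT AUTHORITY\LocalService'
if ($svc.StartName -eq $expectedAccount) {
    Write-Host "OK: $SensorServiceName runs as '$($svc.StartName)' (expected)."
} else {
    Write-Warning "Unexpected service account for $SensorServiceName : '$($svc.StartName)'."
}

# 2. The gMSA is only used for outgoing LDAP/SAMR connections, so what matters is
#    that this DC is allowed to retrieve the managed password. Test-ADServiceAccount
#    returns $true only when this computer is among the principals allowed to do so.
$gmsa = Get-ADServiceAccount -Identity $GmsaSamAccountName `
            -Properties PrincipalsAllowedToRetrieveManagedPassword
$canRetrieve = Test-ADServiceAccount -Identity $GmsaSamAccountName

[pscustomobject]@{
    gMSA                 = $gmsa.SamAccountName
    PasswordRetrievable  = $canRetrieve
    AllowedPrincipals    = ($gmsa.PrincipalsAllowedToRetrieveManagedPassword -join '; ')
}
```

If `PasswordRetrievable` is `$false`, the sensor will not be able to use the gMSA for its directory queries even though the service itself starts normally as Local Service.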
ShimKwan (Brass Contributor):
Hi EliOfek,
Thank you so much for your quick reply - we've been scratching our heads thinking we should see the gMSA account appear in the Service.msc console.
In that case our deployment is running as it should 🙂
Thank you again!
PS. Perhaps one day someone will update the MS site with the expected behavior under the gMSA config page: https://learn.microsoft.com/en-us/defender-for-identity/deploy/create-directory-service-account-gmsa