Forum Discussion

Or Tsemah's avatar
Or Tsemah
Former Employee
Jan 22, 2020

Using Group managed service accounts (gMSA) with Azure ATP

Hey everyone, Based on customer feedback and to improve overall security and compliance requirements, we will soon be introducing the option to use a more secure Group managed service account (gMSA...
JohanHeyneke's avatar
JohanHeyneke
Icon for Microsoft rankMicrosoft
Jul 07, 2020

Or Tsemah What is the recommended approach with a gMSA account when you have multiple domains in the forest. Can we use single gMSA created in forest root domain to use on all the child domains, or would you need a gMSA for each domain in the forest?

  • EliOfek's avatar
    EliOfek
    Icon for Microsoft rankMicrosoft
    Jul 07, 2020

    JohanHeyneke , if you have full trust between all those domains, and all the DCs in the forest are granted permission to pull this gmsa account's password, then yes, you can work with a single gmsa.

    • JohanHeyneke's avatar
      JohanHeyneke
      Icon for Microsoft rankMicrosoft
      Jul 07, 2020

      EliOfek Thanks for the quick response. This is great news. 

Resources