Change service account to avoid cached password in windows registry

Hello,

as suggested by the remediation options we changed all accounts for the SQL Server services to "gMSAs" (group manage service accounts). I mostly followed this guide here:
https://www.sqlshack.com/configure-managed-service-accounts-for-sql-server-always-on-availability-groups/

This should be the trick. Unfortunately the servers are still marked as exposed devices. I will open a new thread and ask why. But to my understanding this is a false-positive...