Forum Discussion
Change service account to avoid cached password in windows registry
Hi ,
In Microsoft 365 defender > secure score there's a recommendation for me saying "Change service account to avoid cached password in windows registry" , and I can see multiple MSSQL services falling into this recommendations .
But the remediation is not very clear , what should I need to do in here ?
Thanks ,
3 Replies
Hello,
as suggested by the remediation options we changed all accounts for the SQL Server services to "gMSAs" (group manage service accounts). I mostly followed this guide here:
https://www.sqlshack.com/configure-managed-service-accounts-for-sql-server-always-on-availability-groups/
This should be the trick. Unfortunately the servers are still marked as exposed devices. I will open a new thread and ask why. But to my understanding this is a false-positive...- Same here, i have "AADConnectProvisioningAgent" service flagged in my environment. any way to remediate this?
- Hello
I have exactly the same question.
A best practices would be nice.
Thanks
Best Regards
