Windows Server 2025 OS security for IT and security pros
Event Ended
Thursday, Mar 28, 2024, 02:00 PM PDT
Advancements in security have been a core part of Windows Server 2025 development. Come for an overview of service account hardening, Secured-core, security baselines as a first-class product feature...
Char_Cheesman
Updated Dec 27, 2024
Tony_Pombo
Mar 28, 2024 (Iron Contributor)
Even after watching "What's new in Active Directory for Windows Server 2025", where they introduce DMSA, I still don't understand the purpose of DMSA. Why not just move to "old school" MSA or the newer GMSA?
Is it just a way to move to an MSA-thing without touching the server where the account is being used? Is there some other benefit I am overlooking?
It seems to me that someday, you'll need/want to clean up the old account and touch the "calling servers" anyway.
- Ram_Jeyaraman, Mar 29, 2024
Microsoft
The goal with DMSA is to get rid of using passwords with service accounts. More often than not, those accounts use weak passwords, which are often reused across multiple accounts, and often those passwords do not get rotated. Such service accounts are attractive targets for attackers. With DMSA (delegated managed service account), service accounts are bound to the machine identity and thus do not use passwords. Further, it is easy to upgrade existing service accounts to DMSA.