Steve_Bauer (Copper Contributor)
Mar 07, 2024
Adding a gMSA account to the Access from Network user rights for Entra Joined devices
How should a person be adding this gMSA account to the Entra joined device? When I put it in Intune using the SID method (asterisk in front of the SID), the client machine (Windows 11 23H2) errors out with an error Result:(0x80070534) No mapping between account names and security IDs was done. If I leave the SID of the gMSA account out of the policy, then the policy will apply.
- skjivert (Copper Contributor): Hi Steve, is it this guide you're following? https://learn.microsoft.com/en-us/defender-for-identity/deploy/remote-calls-sam#configure-a-device-profile-for-microsoft-entra-joined-devices-only
- Steve_Bauer (Copper Contributor): Yes, that is the guide I am following. In the section Configure a Device profile for Microsoft Entra Joined Devices only, I have not been successful adding the group managed service account SID of our Defender for Identity Directory Service account to the Access from Network User Rights assignment (step 3).
- am1357 (Brass Contributor): I have the same problem. Configuring "Network Access Restrict Clients Allowed To Make Remote Calls To SAM" works but "Access From Network" always returns an error (when adding the gMSA as SID or name).