How can we improve Azure Active Directory?

Support Group Managed Servcie Accounts (gMSA)

A big problem for customers once MIM is deployed is changing all the service accounts used by the solution. Supporting group managed service accounts would help lessen this customer pain.

41 votes
Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)

We’ll send you updates on this idea

Jeff Ingalls shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

7 comments

Sign in
(thinking…)
Sign in with: oidc
Signed in as (Sign out)
Submitting...
  • Jordan Mills commented  ·   ·  Flag as inappropriate

    This is marked as complete, but it's not. The newer updates only use gmsas for a few of the services. And no management agents support using a gmsa.

  • Tom Houston commented  ·   ·  Flag as inappropriate

    Thanks for adding gMSA support in MIM 2016. Are there any plans to incorporate the gMSA feature into an ISO build, and also support configuring the gMSAs as part of an unattended installation?

  • Tom Urwin commented  ·   ·  Flag as inappropriate

    It would be great if we could use gMSAs in scripts that connect to SPO/MSOL/O365 etc. Storing passwords is insecure, even if encrypted... And changing them in the script following password expiry is a pain too.

  • Anonymous commented  ·   ·  Flag as inappropriate

    It would be fantastic if Azure Container Instances would also support this. This way, our ExpressRoute connected containers could windows auth to internal sites and services.

  • Sonali Noolkar commented  ·   ·  Flag as inappropriate

    Would like to know if the gMSA can be used by Azure web apps to Sql Azure using AAD authentication.

  • Tom Houston commented  ·   ·  Flag as inappropriate

    It's great to see Microsoft continuing to invest in MIM - gMSAs are such a great feature of Windows Server Active Directory so it'll be good to see them fully supported in MIM. Thanks to the Azure AD Identity PG!

  • Jake commented  ·   ·  Flag as inappropriate

    +1 ADFS is able to use gMSAs, it'd be nice if AADC could do so as well!

Feedback and Knowledge Base