Jorge de Almeida Pinto
Jorge de Almeida Pinto, based in the Netherlands, is a Senior Incident Response Lead working for Semperis helping customers proactively and reactively to be and remain secure. He has a passion for helping organizations design, implement, and secure their digital identity environments. Jorge brings over 2 decades of expertise, earning the Microsoft MVP award since 2006. He is a frequent speaker at global conferences and an active contributor to the tech community through articles and workshops on topics like Entra ID, hybrid identity, security automation and recovery.
Session
Throughout the years, Microsoft has developed 3 different versions of Managed Service Accounts, and all with the goal of improving password security and management. While the first attempt of “Managed Service Accounts (MSAs)” (introduced in Windows Server 2008 R2) was a good start, it was very limited. The next reincarnation, “Group Managed Service Accounts (gMSAs)” (introduced in Windows Server 2012) removed the biggest limitation and allowed a gMSA to be used across multiple servers. While gMSAs were easier to adopt, there are still a few “gotchas”. An application must support the use of a gMSA and/or the migration of a regular service user account to a gMSA could be a (very) complex and cumbersome exercise. With the next reincarnation, “Delegated Managed Service Accounts (dMSAs)” (introduced in Windows Server 2025), removed the previously mentioned gotchas. No more gotchas to deal with. Right?