Commit fdc4b4e

Update service-accounts-user-on-premises.md
1 parent 39dcba9 commit fdc4b4e

1 file changed

+5
-9
lines changed

articles/active-directory/fundamentals/service-accounts-user-on-premises.md

Lines changed: 5 additions & 9 deletions
@@ -92,20 +92,16 @@ See the following table for potential on-premises user account security issues a
9292
| The account is a member of privileged groups| - Review group membership</br> - Remove the account from privileged groups</br> - Grant the account rights and permissions to run its service (consult with service vendor)</br> - For example, deny sign-in locally or interactive sign-in|
9393
| The account has read/write permissions to sensitive resources| - Audit access to sensitive resources</br> - Archive audit logs to a SIEM: Azure Log Analytics or Microsoft Sentinel</br> - Remediate resource permissions if you detect an undesirable access levels |
9494

95-
## Move to more secure account types
95+
## Use secure account types
9696

97-
Microsoft doesn't recommend that you use on-premises user accounts as service accounts. For any service that uses this type of account, assess whether it can instead be configured to use a gMSA or an sMSA.
98-
99-
Additionally, evaluate whether the service itself could be moved to Azure so that more secure service account types can be used.
97+
Microsoft doesn't recommend use of on-premises user accounts as service accounts. For services that uses this account type, assess if it can be configured to use a gMSA or an sMSA. In addition, evaluate if you can move the service to Azure to enable use of safer account types.
10098

10199
## Next steps
102100

103-
To learn more about securing service accounts, see the following articles:
101+
To learn more about securing service accounts:
104102

105-
* [Introduction to on-premises service accounts](service-accounts-on-premises.md)
103+
* [Securing on-premises service accounts](service-accounts-on-premises.md)
106104
* [Secure group managed service accounts](service-accounts-group-managed.md)
107105
* [Secure standalone managed service accounts](service-accounts-standalone-managed.md)
108-
* [Secure computer accounts](service-accounts-computer.md)
106+
* [Secure on-premises computer accounts with AD](service-accounts-computer.md)
109107
* [Govern on-premises service accounts](service-accounts-govern-on-premises.md)
110-
111-
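Review bot: The rewritten paragraph at new line 97 has a subject-verb and pronoun mismatch: "For services that uses this account type, assess if it can be configured" should read "For services that use this account type, assess whether they can be configured to use a gMSA or an sMSA." In the Next steps list, the new link text "Securing on-premises service accounts" (new line 103) uses a gerund while every other entry starts with an imperative ("Secure ...", "Govern ..."); confirm it matches the title of service-accounts-on-premises.md or align it with the rest of the list. The unchanged table row at line 93 still reads "an undesirable access levels", which could be corrected in the same pass.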
