Need to Address gMSA use with AzureDevOps Server/TFS in this Article

[SamGrantham]

Group Managed Service Accounts are not supported through at least Azure DevOps 2019.1 (and I believe this is unchanged in Azure DevOps 2020)

Would it be possible to add a note either under the #service-accounts anchor or even in the #q--a anchor to this effect?

We might also want to point out that while it is technically possible to manually migrate the accounts to gMSAs 1 by 1 it is not a supported scenario.

for reference, comment by Vladimir Khvostov : https://developercommunity.visualstudio.com/content/problem/788548/devops-server-2019-update-1-unable-to-use-gmsa-as.html

...unfortunately, gMSA accounts are not supported. We considered implementing gMSA support, but it was not high enough on the priority list.

It is possible to configure Azure DevOps Server to run under gMSA account, but it is not trivial. You would need to configure Azure DevOps Server to run under NT AUTHORITY\NETWORK SERVICE for example, grant permissions to gMSA account in SQL Server and local file system and then configure Azure DevOps Server application pools, TfsJobAgent and TeamFoundationSsh services to run under gMSA. You probably will need to grant some other permissions to gMSA account. I want to be very clear that this configuration is NOT supported - you can try it on your own risk...

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: d2580550-d82f-9ecd-57d7-7297f90bc4a5
• Version Independent ID: af919b1d-2f87-c7a2-89d7-9b83c6cae255
• Content: Service accounts and dependencies - Azure DevOps
• Content Source: docs/admin/service-accounts-dependencies.md
• Product: devops-server
• Technology: tfs-admin
• GitHub Login: @aaronhallberg
• Microsoft Alias: aaronha

[SamGrantham]

Can confirm that this is still true for 2020 as well.