Hello @Matt Barron,
Thanks for reaching out.
From your query, I understand that you have an IIS-based application running on an Azure VM that is joined to an Azure Active Directory Domain Services instance, and hence want to know whether a service account can be used to run services.
Azure AD DS lets you continue to use service accounts in the same way. You can choose to use the same service account that is synchronized from your on-premises directory to Azure AD or create a custom OU and then create a separate service account in that OU. With either approach, applications continue to function the same way to make authenticated calls to other tiers and services.
As managed domains are locked down and managed by Microsoft, there are some considerations when using service accounts:
- Create service accounts in custom organizational units (OUs) on the managed domain, or use the same service account that is synchronized from your on-premises directory to Azure AD.
- You can't create a service account in the built-in AADDC Users or AADDC Computers OUs.
- Instead, create a custom OU in the managed domain and then create service accounts in that custom OU.
To learn more, refer to the following links:
Migrate an on-premises service or daemon application to Azure: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/scenarios#migrate-an-on-premises-service-or-daemon-application-to-azure
Using service accounts in Azure AD DS: https://learn.microsoft.com/en-us/azure/active-directory-domain-services/create-gmsa#using-service-accounts-in-azure-ad-ds
-----
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
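The procedure in the answer above (create a custom OU in the managed domain, create the service account in that OU, then run the IIS application pool under it), written out in PowerShell as an added example. This is not code from the original answer or from Microsoft's documentation. The domain name aaddscontoso.com, the OU name "Service Accounts", the account name svc-iis-app and the application pool name MyAppPool are assumptions; substitute your own. It must be run from a domain-joined management VM that has the RSAT Active Directory module and the IIS WebAdministration module installed, by a user who is a member of the AAD DC Administrators group, since only that group can create OUs in a managed domain.

```powershell
# Added example (not from the original answer): create a custom OU and a
# service account in an Azure AD DS managed domain, then run an IIS app pool
# under that account. Domain, OU, account and pool names are assumptions.
# Run on a domain-joined VM with the RSAT AD DS tools and IIS WebAdministration,
# as a member of "AAD DC Administrators".
Import-Module ActiveDirectory
Import-Module WebAdministration

$DomainDn = 'DC=aaddscontoso,DC=com'   # assumed managed domain
$NetBios  = 'AADDSCONTOSO'             # assumed NetBIOS name of the managed domain
$OuName   = 'Service Accounts'         # custom OU; the built-in AADDC OUs are read-only
$OuDn     = "OU=$OuName,$DomainDn"
$SvcName  = 'svc-iis-app'              # assumed service account name
$SvcUpn   = "$SvcName@aaddscontoso.com"
$AppPool  = 'MyAppPool'                # assumed IIS application pool name

# 1. Custom OU at the domain root. Creating objects under AADDC Users or
#    AADDC Computers is not permitted, so a sibling OU is used instead.
$ou = Get-ADOrganizationalUnit -Filter "DistinguishedName -eq '$OuDn'" -ErrorAction SilentlyContinue
if (-not $ou) {
    New-ADOrganizationalUnit -Name $OuName -Path $DomainDn -ProtectedFromAccidentalDeletion $true
}

# 2. Service account inside the custom OU. The password is prompted for, never
#    embedded in the script; the account gets no group memberships beyond the
#    default Domain Users (least privilege for an app pool identity).
$Password = Read-Host -Prompt "Password for $SvcName" -AsSecureString
$user = Get-ADUser -Filter "SamAccountName -eq '$SvcName'" -ErrorAction SilentlyContinue
if (-not $user) {
    New-ADUser -Name $SvcName `
               -SamAccountName $SvcName `
               -UserPrincipalName $SvcUpn `
               -Path $OuDn `
               -AccountPassword $Password `
               -Enabled $true `
               -PasswordNeverExpires $true `
               -CannotChangePassword $true `
               -Description 'IIS application pool identity'
}

# 3. Point the application pool at the account. identityType 3 = SpecificUser.
$Plain = [System.Net.NetworkCredential]::new('', $Password).Password
Set-ItemProperty "IIS:\AppPools\$AppPool" -Name processModel -Value @{
    identityType = 3
    userName     = "$NetBios\$SvcName"
    password     = $Plain
}
Remove-Variable Plain
Restart-WebAppPool -Name $AppPool

# 4. Verify: the pool runs as the service account, and the account lives in
#    the custom OU rather than in AADDC Users.
Get-ItemProperty "IIS:\AppPools\$AppPool" -Name processModel |
    Select-Object identityType, userName
Get-ADUser -Identity $SvcName | Select-Object SamAccountName, DistinguishedName
```

The verification step at the end is what you want to check after any later move or rename: the DistinguishedName of the account should end in the custom OU's path, and the pool's processModel should report identityType SpecificUser with the expected userName. IIS grants the account the batch logon right it needs when the identity is assigned, so no extra local-policy change is normally required on the web server.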