Today, we enabled additional Active Directory (AD) features in AWS Directory Service for Microsoft Active Directory (Enterprise Edition), also known as AWS Microsoft AD, that make it easier to migrate more .NET applications to the AWS Cloud. You can now improve the security of .NET applications by using group Managed Service Accounts (gMSA) and Kerberos constrained delegation (KCD) enabled features. With gMSA, you can narrow permissions to your account, thereby reducing risks by not using built-in user accounts with full server control. gMSA makes it easier to manage .NET applications by creating and rotating the account password automatically, and a single account can be used by one or more application servers.