Ability to provision gMSA as an Administrative User
As of CB 1702, we can provision AD Users or Groups as administrative users in SCCM. However, gMSAs (Group Managed Service Accounts) can't be directly provisioned - though you can work around that by creating an AD group with the gMSA as a member and provisioning that group in SCCM.
It'd be helpful if we could directly provision gMSAs in SCCM; I don't see any reason why this shouldn't be allowed.
Mark Godfrey commented
Can confirm. It works fine if I add it via PowerShell, but you cannot add gMSAs via the console GUI. My experience also shows that even adding it via it's group membership does not work. It would be nice if it could be added via the other methods as well.
Correction - it turns out that you *can* provision a gMSA directly in SCCM - but only using PowerShell (New-CMAdministrativeUser -Name domain\gmsa$), not the UI. So this is just an inconsistency.