...

There are five key administrative benefits associated with MSAs:

  1. MSAs offer enhanced security that is provided by having individual accounts for critical services.

  2. You can create a class of Domain Service Accounts that can be used to manage and maintain services on local computers.

  3. Network passwords for MSAs are automatically reset.

  4. You do not have complex service principal name (SPN) management tasks when using Managed Service Accounts.

  5. Administrative tasks for Managed Service Accounts can be delegated to non-administrators.

See Microsoft’s documentation for details.

...

If you are using an account that requires a password or private key, these secrets must be kept safe. Using a password safe is one good option. Another option is an encrypted, secured document that requires a passcode to open. Make sure the encryption algorithms are using current industry standards. Access to a password safe or encrypted document should be auditable.

For security keys, you can also consider using a key management solution that has more features to manage the full key “lifecycle”. Western has a service from Microsoft, Azure Key Vault, that functions as a hardware security module, or HSM. You can open a ticket with ATUS if you want to learn more. Whatever solution you use, make sure your secrets are protected using current, industry-standard encryption algorithms. Lastly, access to view, store and delete keys should be auditable, and your storage solution should support versioning.

Informational Resources

Managed Service Accounts and Group Managed Service Accounts on Windows

...