It would be interesting if we could build into the agent a password strength check that would prevent the agent from deploying if the domain credentials are not strong (think min 24 characters, Aa3$, etc) and cross checks common passwords, and breached credentials. Our agent security is only as strong as the domain it's on and if they use the password LiongardAgent1 - it's not secure.