Don’t ban hosts or any service account automatically. Use conditional access, MFA for hosts with credentials + IP or client cert. Auto-raise a SNOW ticket for the support team and an alert in your SIEM for your SOC. If you want more detail I’ll put my blog in my profile.