Showing posts from February, 2017

SQL Server Agent Security and Network Access

As of SQL Server 2012, SQL Server and other Microsoft services run under “virtual accounts” by default instead of Network Service. This is part of a defense-in-depth strategy whereby the service running SQL Server is isolated from other services on the box. The virtual accounts have names like “NT SERVICE\MSSQLSERVER” and “NT SERVICE\SQLSERVERAGENT”. These are local accounts and have pretty limited access to the network. When they do access the network, they present the credentials of the server, using the server’s name in the form “DOMAIN\ServerName$”, e.g., “Contoso\FinanceServer$”.
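To see which principal a remote share or linked server has to authorize, the following PowerShell lists the local SQL Server engine and Agent services with their logon account and the identity each presents on the network. It is an added example, not code from the original post; the function name `Get-NetworkIdentity` is hypothetical, and the mappings for LocalSystem and Local Service are standard Windows behaviour that the post itself does not cover.

```powershell
# Added example (not from the original post). Get-NetworkIdentity is a hypothetical helper.
function Get-NetworkIdentity {
    param(
        [Parameter(Mandatory)][string]$StartName,     # Win32_Service.StartName
        [Parameter(Mandatory)][string]$Domain,        # e.g. Contoso
        [Parameter(Mandatory)][string]$ComputerName   # e.g. FinanceServer
    )
    # Machine account in the DOMAIN\ServerName$ form the post describes.
    $machine = '{0}\{1}$' -f $Domain, $ComputerName
    switch -Regex ($StartName) {
        # Virtual accounts (NT SERVICE\MSSQLSERVER, NT SERVICE\SQLSERVERAGENT, ...)
        '^NT SERVICE\\'                              { return $machine }
        # Network Service, the pre-2012 default, also uses the machine account.
        '^(NT AUTHORITY\\)?Network ?Service$'        { return $machine }
        # LocalSystem authenticates to the network as the machine account too.
        '^(NT AUTHORITY\\)?(Local ?System|SYSTEM)$'  { return $machine }
        # Local Service presents anonymous credentials on the network.
        '^(NT AUTHORITY\\)?Local ?Service$'          { return 'ANONYMOUS LOGON' }
        # Domain user, local user or managed service account: used as-is.
        default                                      { return $StartName }
    }
}

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
# Win32_ComputerSystem.Domain is the DNS domain name; the NetBIOS name shown in
# ACL editors (Contoso) can differ, so treat the prefix as an approximation.
$domain = if ($cs.PartOfDomain) { $cs.Domain } else { $null }

Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -match '^(MSSQLSERVER|SQLSERVERAGENT|MSSQL\$|SQLAgent\$)' } |
    ForEach-Object {
        $netId = if ($domain) {
            Get-NetworkIdentity -StartName $_.StartName -Domain $domain -ComputerName $cs.Name
        } else {
            '(not domain-joined: no domain machine account)'
        }
        [pscustomobject]@{
            Service         = $_.Name
            LogonAccount    = $_.StartName
            NetworkIdentity = $netId
        }
    } | Format-Table -AutoSize
```

Any service whose NetworkIdentity column shows the machine account shares that network identity with every other service on the host that runs under a virtual account, Network Service or LocalSystem, so a permission granted to it on a remote resource is not scoped to SQL Server alone.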