What are the post steps after changing SQL engine and agent accounts?

In a default SQL installation the engine account is NT Service\MSSQLSERVER, and agent account is NT Service\SQLSERVERAGENT In SQL security I can see them both listed as logins with sysadmin role. These are also having the necessary security permissions on the various folders automatically. If I change the engine and agent account via the config manager to domain or local accounts (like mydomain\sqlengine, mydomain\sqlagent), then: 1. Do I need to create these accounts under SQL security and assign sysadmin role to them? 2. Are there any other post steps (like any other permissions assignment - like following: https://learn.microsoft.com/en-us/sql/database-engine/configure-windows/configure-windows-service-accounts-and-permissions?view=sql-server-ver16#Windows - or is this implicitly applied via the virtual account?)? 3. Can I delete the above 2 NT Service accounts from my SQL server logins? The reason for asking is that - I know that behind the scenes SQL engine makes use of the service sid NT SERVICE\MSSQLSERVER account, and agent makes use of NT SERVICE\SQLSERVERAGENT, for the various folder permissions (data/log/etcetra), and windows privileges and rights like Log in as a service, Replace a process level token, etcetra. But does it still use this virtual account to access the folders/files even after changing the SQL server engine service account to a domain user account? **When I changed the SQL server service account via the configuration manager to a domain user account, it made no automatic changes to the data or log folder or file permissions. The folder/file security popup had always been showing MSSQLSERVER (not the domain user account) and the SQL server works perfectly fine.** Does this mean SQL server engine uses NT SERVICE\MSSQLSERVER even though the SQL engine service account is changed to a domain user account?