My current SEP deployment for some 50k endpoints is a SEPM in the US and a SEPM in Europe, and both have a pretty even 50/50 split for the number of endpoints. I am not currently replicating any data and all endpoints are imported via Active Directory OUs, and then each location-specific OU has its own GUP policy, so I have a few hundred LU policies to manage. For this reason location awareness is next to impossible without creating location policies in hundreds of OUs. The issue is that inheritance is turned off because of the location-specific LU policies I have, so there is no top-down policy push available.
Therefore, it is decided that when we deploy 12.1.2 we will be moving away from the AD structure to a manual SEP-based structure. I was just curious about the layout that some folks use for a large-scale deployment such as this. My plan would be to remove the SEPM in Europe and use a single point of management. I was thinking to use some 3-4 SEPMs to manage all the endpoints, as 2 is recommended beyond 25k endpoints I believe.
While the infrastructure is part of it, my bigger concern is over the group structuring for such an environment. I want to keep things fairly simple while remaining structured. Coming from the AD layout, this is a huge configuration change. My current thought is to have Domain Controllers, US and International under My Company. Then under International and US have Workstations and Servers. This would be a super basic, easy-to-manage design as compared to what I have now, but that is what concerns me. Is this too simplistic of a layout? Should I divide the systems up a little more? This is where I am really looking to try and gather information. What are some layouts/configurations that others are currently using?
Any and all ideas are welcome and appreciated.