Note: Due to personnel changes, I am assuming responsibility for our Sophos infrastructure, and I am in no way a SME on this.
My organization recently acquired a new company's infrastructure, in a remote location, on a separate domain. We are using Sophos Enterprise Console 5.5.1 for our internal assets, and the goal is to install Sophos on their devices, and manage them from our internal management server. It's worth noting we will only be managing a very small handful of their devices -- roughly 10-20.
I was led to believe that creating a message relay which is publicly accessible for their domain, within our DMZ, is the correct way to accomplish this task - as illustrated in the following KB (https://community.sophos.com/kb/en-us/50832):
I've created a Windows 2012 R2 message relay and installed Sophos Endpoint Security and Control on it. After reading through this KB on creating the message relay, and this KB on using the ConfigCID.exe, I am a little fuzzy on the following details:
TL;DR -- Can I use my existing management server as the distribution point/update location, and if so, do I run ConfigCID.exe from the management server with configcid \\[Management Server]\SophosUpdate\CIDs\S000\SAVSCFXP as the command?
Sophos Enterprise Console 5.5.1 on Windows Server 2012 R2
Message Relay is Windows Server 2012 R2