This discussion has been locked.

SMC SSP AD Security group change

We have an active SMC deployment in our environment, with our users registering devices via our SSP. We have 800+ devices registered and all is working well.

When we set up the SMC environment we created a specific AD security group for SSP access, let's call it SophosMobileSSP, that all Domain Users are automatically added to. The problem is that we're seeing some staff not being able to access the SSP, and our operations team believe that because we've created a two-step AD authentication (e.g. SophosMobileSSP AD group just looks up the DomainUsers members) it's causing problems, and they recommend we just change the SMC settings so it refers to the DomainUsers group.

I had a look at the System setup menu and it looks relatively straightforward to change the group from SophosMobileSSP to DomainUsers, but I do get the usual "The directory configuration can not be modified because 854 devices are still linked to the directory" message, and I'm concerned that if I try to change this group, all 800+ devices may need re-enrollment. And nobody has time for that.

Has anyone made this change and experienced problems?

TL;DR: How serious is the 'don't modify the directory configuration' message?

  • Thanks for the response, Neil.

    I agree, the current setup should be working and 95% of the time it does.

    Just to confirm, the staff who receive errors when attempting to log into the SSP are accessing the user portal (vs. the admin portal), are using correct credentials, and are a mix of existing staff and new staff. New staff accounts are 48+ hours old, so replication shouldn't be an issue. The only change made, allowing them to log in to the SSP, is to manually add them to the specific SSP AD group.

    It's quite odd.
