I need a solution
Hello All,
We are planning on deploying SEPM soon. We currently have 2 AD domains. Neither AD domain is allowed to talk to the other. I would like to be able to manage SEP clients in those domains from a single SEPM server. NOTE: We will not be using SEPM to push the clients, so standard SMB ports will not be allowed/required. Correct me if I'm wrong, please! 
Also, we will not be using AD to import computers into SEPM.
My plan was the following:
1) Install SEPM and SQL Db in a zone that has access (to an extent) to both domains. This will allow us to manage all SEP clients and get reporting for both domains in one console.
2) Create SEPM admin/reporting accounts that authenticate to a single AD.
Questions:
- If SEPM console admins/reporters use AD authentication on Domain A and a SEPM admin/reporter tries to access the SEPM console in Domain B, does SEPM handle the AD authentication or does the client? The latter would be an issue because Domain B would not be able to access Domain A. From what I've seen, you're authenticating to SEPM and I think SEPM handles the auth for the user instead of the user's computer talking directly to AD for auth.
- I was just wondering with 2 AD domains if we created SEPM accounts that authenticated to one AD domain, should they be able to access all of the SEPM data/reporting for all clients in the SEPM? It sounds logical, but I want to make sure.
- Does the SEPM need access to the AD in Domain B for any reason if we will not be performing AD imports or push deployments? SEPM would be used mostly for policy deployments and LiveUpdate.
Thanks,
Mitesh