SEPM Limit User Access To Certain Groups
I manage a large SEPM estate with over 2000 endpoints across over 50 different groups using SEP 11.0.7. Each one of these groups is completely separate to any other. They are different customers.
When I give one customer a logon to access their group of endpoints I create a user account and restrict them to only be able to access the "My Company" folder along with the folder where their endpoints reside. This works fine until I create a new group. Now every user account automatically has access to this new group also.
What I need to do is create a user account which only has access to their group and no matter what other groups get created, the access doesn't change.
So far after creating a new group I need to go in and remove the access to that group from every account. This is not practical anymore due to large amount of user accounts and groups.
Am I creating the accounts incorrectly? How can I make sure that when a user account is created with access to a group the access doesn't change no matter how many additional groups are created?
Thank you in advance for any help / advice.