Add the option to configure user security roles within the SEP management console to allow for linking roles to AD groups. Users should be synched at a specified interval if a user is removed from an AD group access is removed to the SEP management console.
This feature should include the ability to report on admin accounts or AD groups that currently have assigned access permissions in order to generate reports to auditors and other governing bodies within an organization.