Anyone ever tried (and succeeded?) to disable ZCC (and other admin/reporting
stuff) on a primary server and but keep it functional for devices to connect,
auth, upload inv datat, download bundles etc.?

Background: we'd like to manage devices over the Internet (many many mobile
users) but would like to avoid making ZCC accessible to the whole world. After
all hacking ZCC would allow an attacker to easily gain a lot of information
about our enterprise through reports and even allow him to push malware to all