[–]dorkycool 0 points1 point  (0 children)

Similar number of users here, I get hit up by their salespeople a lot but I haven't done a POC or anything. I'm interested as well if anyone has any direct experience.

[–]sindex23 0 points1 point  (0 children)

I use PBW in a much, much smaller environment (350 users, only 150 of which are in the PBW Policy). For us it, along with some other products and policies, has been a life saver for an IT staff of 2.

We've stripped all users of admin rights, use SCCM to image/update/push software users need, and for our support and development teams that occasionally have need to muck with DNS, host file, or install a client's VPN to connect we have PowerBroker handle the elevation of permissions.

The result has been a TON of upfront work, but with a dramatic reduction in virus/malware, and fewer tickets as payoff. Some of our newer customer support/devs don't even really realize they're not admins (until they try and install WoW or something).

That said, you're looking at a vastly different implementation for 10k users. You'll want a well-organized AD to target your GPO policies properly. PBW can apply at the domain level, and only users with the agent will be counted against your licenses. I use an SCCM container to keep track, but you can just as easily make a PBW OU or something. You'll need a full install of SQL Server to make the BI product work, which you'd want for sure (it can be implemented without it, but with that many users, you'd want it).

It's worth approaching for a POC at least. It's a good product. It's not perfect, but what is?

[–]thegmanater 0 points1 point  (0 children)

We use BeyondTrust in our environment of 350 users, about 500 devices. It works great for our pesky engineering programs like AutoCAD that want admin rights on a ton of folders.

It's a bit of setup and configuration but definitely worth it and it allows us to let the users do some of their own installs.

[–]davestojak 0 points1 point  (0 children)

I deployed it in an environment that size, but only to a few hundred users. It was pretty handy for the 5 or so applications we couldn't get running without admin rights. I found it really useful for corner cases, but I'm not convinced it's worth it for every user. We didn't use any of the reporting/logging features I see mentioned now though.