I know this one is a bit outdated, but I ran into this question again and noticed that in the answer, there isn't much of an explanation of where to put the xml file that is referenced.
The file can be placed (in Windows) in the "C:\ProgramData\Cisco\Cisco AnyConnect Secure Mobility Client\Profile" folder and then the machine (or all services) need to be restarted for the tile to be removed.
Additionally, you can also place the same xml file in ISE as an AnyConnect Profile in the Policy > Policy Elements > Client Provisioning > Resources section by selecting Add then Agent resources from local disk and entering the information as shown below.
Once you have uploaded the xml file, you can then configure the AnyConnect package and add the DisableVPNGUI package to your AnyConnect settings as seen below. Once the client downloads the new profile from ISE and consumes the new XML data, after a reboot they will no longer have the VPN GUI enabled.
Hope this helps for those that are looking for this.