I am working on a customer request where they have SOE devices with VPN and posture hidden. however now the requirement is that the users part of a group in AD should see the VPN client i.e. the VPN client should not be hidden for them, whereas the posture client will still be in stealth mode.
Also moving forward if the user is moved from that AD group then the VPN client + posture module should in changed back to orignal state i.e. both hidden/stealth.
Please let me know if someone have done something similar.
As per my understanding if we do the client provisioning with AD group check as condition then we can push a config profile (let say show.cfg for VPN client and a stealth.xml profile for posture). This will be for set of users who wants VPN available for their use.
below that we can create another rule where we will not match the AD group check and we will push a config file (let say hide.cfg for VPN client and a stealth.xml profile for posture). This will be for all other users.
Please suggest if this looks good for am i missing something.