The

tunnel-group ... webvpn-attributes
 group-alias ... enable

implies that

webvpn
 tunnel-group-list enable

is also configured. If you don't want to let your users choose connection profile (no tunnel-group-list enable), use group-url binding method instead:

<ClientInitialization>
<AllowManualHostInput>false</AllowManualHostInput>
</ClientInitialization>

<ServerList>
<HostEntry>
<HostName>TEST (BYOD)</HostName>
<HostAddress>my.vpnserver.com</HostAddress>
</HostEntry>
</ServerList>

tunnel-group ... webvpn-attributes
 group-url https://my.vpnserver.com enable

I hope I didn't misread your question.