Firstly, let me say that I'm not a network engineer, and I'm not an expert in the realm of VDI. So please forgive my questions if they're elemental.
So, our network guys have created VDI accounts for many people within the organization. Their initial intent was to grant access to applications internal to our network (a la Citrix). They did so, not thinking about the remote access capabilities of VDI.
So from a security standpoint, I have a couple of questions:
Is there any way to tell which VDI accounts are being used for remote access (access to applications from outside the network)?
Can (and if so, how) can VDI accounts be configured to disallow remote access, and only allow access from within our network?
And is there any way to make these permissions changes in bulk (maybe per AD group)?
Thanks in advance for your help!