Hi,
Is it possible to make any setup, where you can remote control managed devices internally, but only remove view for any external person?
Or maybe have a device added twice, where you can apply 1 policy for 1 group, and another for the other group.
E.g. Policy 1 restrics the remote access to view only on group 1 with device DEV1.
Policy 2 with full access permissions is then applied to group 2, with device DEV1 in it.
So that it is depending on what group you chose to connect from, it will then apply the corresponding policy.
Something like that, or just an option to give seperate accesspolicy permissions for incomming connections.