Seperate user group for remote access vpn

Hello,

How can I create seperate user group for remote access vpn. Like

We have some users who only can connect to RDP to office from home.

And some users can access to all after remote access.

Currently all users have the same profile . I need to seprate this.

could you explain the configuration about this these scenario.

Thanks

Tusher