Using a native client does not mean sacrificing security. Because the connection is initiated through the cloud's identity layer, you can enforce policies. This ensures that only authorized users on compliant devices can even attempt to open a tunnel to the internal network. Furthermore, because the target VMs remain on private IPs, they are effectively shielded from internet-based port scanning and automated brute-force attacks. Microsoft Learn
Web-based SSH or RDP clients are convenient, but they operate within the sandbox of a web browser. This imposes strict limitations on functionality. A runs directly on the operating system (Windows, macOS, or Linux), breaking free of these constraints. bastion native client
Here’s a feature concept for the (assuming a context like a cloud access/SSH bastion host client, or a gaming/compute native client—clarify if different): Using a native client does not mean sacrificing security
Third-party session managers like Devolutions Remote Desktop Manager. Security Considerations Furthermore, because the target VMs remain on private