Securing AnyDesk/Teamviewer

Hello community,

for a customer project we need to implement/allow AnyDesk/Teamviewer for some of our employees. Does anyone have experience and/or best practice recommendations how to secure this kind of remote management software with Zscaler (besides of application settings like MFA, turning on/off particular security settings etc). Especially the default enabled “features” of AnyDesk are - to put it positively - quite comprehensive.

I am thinking of somehow completly blocking INBOUND traffic to these applications via Zscaler/-Z-App, but I fear this is no easy task as AnyDesk/TV are basically working like ZIA/ZPA where only outbound connections are initiated and both ends are interconnected.

Another idea (for the time being my favorite) would be to completely block installation of that stuff on our client-machines and implement some kind of isolated “jumpserver/bastion”-host from where this connections are made.

Any experience/recommendations/advise would be helpful so i don’t have to invent the wheel twice.