Thanks for posting your question in the Microsoft Q&A forum.
The most secure connection type for Azure Virtual Desktop is using the Windows App with additional security measures implemented
- Encryption: Both the Windows App and browser connections use TLS for encryption. AVD uses TLS 1.2 for all connections initiated from clients to the Azure Virtual Desktop infrastructure components
- Reverse Connect Transport: AVD utilizes reverse connect transport for establishing remote sessions and carrying RDP traffic. This method doesn't use a TCP listener for incoming connections, instead using outbound connectivity to the AVD infrastructure over HTTPS
- Enhanced Security Features: The Windows App allows for easier implementation of additional security measures, (Multi-factor Authentication, Conditional Access, Private Link)
- Application Control: With the Windows App, you can implement stronger application control through Windows Defender Application Control or AppLocker, ensuring only trusted applications are executed.
- Endpoint Security: The Windows App allows for better integration with endpoint security solutions like Microsoft Intune, providing more comprehensive device management and security controls
Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful