You're giving a third-party company remote admin access to all your systems (by their ability to push their own code updates to your systems).

Some of these services go even further. One time, our IT department was being sales-bombed with a service that would remove our actual login credentials to servers, and then "for security" we'd access said servers using a MITM website kind of thing that would be behind our corporate AD-login. I didn't even find out the full intricate details before telling them to "nope this the fuck out" and stay away with a 10-ft pole.

It's like these people have nothing better to do with their time and just absolutely have to have to design and build a product for the sake of it, and then dump it on marketing for > 0 amounts of sales through pretty-much wearing IT departments down. Or in the case of this Crowdstrike thing, through the protection racket known as security audit compliance.

I'm mandated to use one of those.

The security tradeoffs don't make sense at all once you understand how it works.

Ssh or winrm are significantly more secure than whatever some security vendor thinks will tick an audit box.

10ft pole is an excellent approach.