L7 firewall blocking is not recommended anymore...!
Especially when what you want can be achieved by a simple TCP port block..!
I don't think that a simple block will do it.
Which ports does AnyDesk use?
To connect to the AnyDesk network port 80, 443 or 6568 is used. For standard listening port direct line connection is 7070 (TCP).
You could block port 7070, but IIRC this is user configurable.
Also you cannot block port 80/443 obviously, so the anydesk client will be able to reach the anydesk servers, and from there I believe if port 7070 is blocked, it will work over 443.
I've used Anydesk using squid proxy (on networks without even a default gateway to the outside world) that did not allow port 7070 and it still worked perfectly fine.
I think both Anydesk and Teamviewer fallback to port 443 which is almost universally allowed in firewalls. And both can even use an http proxy to still receive incoming connections.
@danniell2 if you control the DNS that the clients use then you may have more luck by blocking *.anydesk.com from resolving. But still, the anydesk client may have hardcoded IPs that directly connect to to bootstrap itself.
I would personally start capturing traffic to see where it connects to and how it behaves every time I block something until I manage to block it completely.