NPIP / secure cluster connectivity requires a NAT gateway (or similar appliance) for outbound traffic from your workspace's subnets to the Azure backbone and public network. This incurs a small additional cost. Also, it is worth mentioning that network traffic between the data plane and control plane travels through the Microsoft backbone network irrespective of whether NPIP is enabled or not.
But given the fact that you could automate workspace creation via Terraform etc. and the low cost of a NAT gateway, IMO NPIP is a better choice.
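
A Terraform configuration for the setup described above, added here as an example and not part of the original answer: an NPIP workspace whose two subnets egress through a NAT gateway. It assumes a VNet with two subnets already delegated to `Microsoft.Databricks/workspaces` and associated with an NSG; all resource names and variables are hypothetical.

```hcl
provider "azurerm" {
  features {}
}

# Assumed inputs: an existing VNet-injection layout (hypothetical variable names).
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "vnet_id" { type = string }
variable "subnets" {
  # Keys "public" (host) and "private" (container) subnet of the workspace.
  type = map(object({ id = string, name = string, nsg_association_id = string }))
}

resource "azurerm_public_ip" "nat" {
  name                = "pip-dbx-nat" # hypothetical name
  resource_group_name = var.resource_group_name
  location            = var.location
  allocation_method   = "Static"
  sku                 = "Standard"
}

resource "azurerm_nat_gateway" "dbx" {
  name                = "nat-dbx" # hypothetical name
  resource_group_name = var.resource_group_name
  location            = var.location
  sku_name            = "Standard"
}

resource "azurerm_nat_gateway_public_ip_association" "dbx" {
  nat_gateway_id       = azurerm_nat_gateway.dbx.id
  public_ip_address_id = azurerm_public_ip.nat.id
}

# With no public IPs on cluster nodes, both workspace subnets need the NAT for egress.
resource "azurerm_subnet_nat_gateway_association" "dbx" {
  for_each       = var.subnets
  subnet_id      = each.value.id
  nat_gateway_id = azurerm_nat_gateway.dbx.id
}

resource "azurerm_databricks_workspace" "npip" {
  name                = "dbx-npip" # hypothetical name
  resource_group_name = var.resource_group_name
  location            = var.location
  sku                 = "premium"
  custom_parameters {
    no_public_ip        = true # NPIP / secure cluster connectivity
    virtual_network_id  = var.vnet_id
    public_subnet_name  = var.subnets["public"].name
    private_subnet_name = var.subnets["private"].name
    public_subnet_network_security_group_association_id  = var.subnets["public"].nsg_association_id
    private_subnet_network_security_group_association_id = var.subnets["private"].nsg_association_id
  }
  depends_on = [azurerm_subnet_nat_gateway_association.dbx] # egress path exists before clusters start
}
```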