Tunnels and when to define an "internal" application vs just using Network Policies directly?

I have a tunnel back to our internal network for things like dns and rdp access and a few https apps. I am not doing any public hostnames. I am trying to understand when/why I would need to define an application with associated policies vs just using Gateway network access policies solely. From what I can tell the only difference would by the ability to add the devices/apps to the Application Launcher portal. Would it possibly also give us better logging?
Thanks for any advice.