Since it seems to have been glossed over in the court transcript, can anyone explain how exactly a VM or client for remote VM could be used to bypass the monitoring?

Wouldn't the monitoring software capture any application's network activities, including a client for a Remote VM? I'm imagining something like Wireshark?

A VM would bypass monitoring software installed on devices the person uses. A VPN would obscure their traffic such that it is encrypted and not easily monitored. Even something like SSH is encrypted and not straight-forward to monitor, so a VPN isn't required to do this anyway.

A remote VM would combine both of these things, where the device/computer is in a location that isn't monitored and accessed by means aimed at bypassing controls in place. Activities carried out from the remote VM are then not monitored.

User + Devices -> VPN/other -> Remote VM -> Unmonitored Activities / Network Access

^ Monitoring is here, but may not capture the rest of the chain

Law enforcement would need to monitor the VM itself to monitor those activities, or I guess request logs from the provider if at all possible.

There's a limit to how much you can monitor someone and I assume there's a degree of good faith in cooperation with these controls. Failure to comply, seemingly, has severe consequences.

Monitoring software installed at the OS level can monitor both traffic and what applications generate it. But if the traffic is coming from a VM, it can only do the former.