Option to make a VM inaccessible for tenant user after deployment
When a tenant users deploys a VM or VM role a SMA runbook can be started. If the runbook is being used to deploy extra services to the VM it would be very beneficial if the VM would be inaccessible for the tenant user until the extra services are actually deployed. The VM presence should still be viewable for the tenant user together with a customizable status message.
Is this related to an approval workflow scenario?
Ben Gelens commented
Not really. It's more a scenario where post deployment configuration is still happening outside of the vm role context (e.g triggered by SMA or DSC).
It would be beneficial if the tenant user isn't capable of disrupting this process by making the vm role inaccessible for connections and configuration changes.