Thank you for the feedback. The product team has noted this suggestion and will consider it if resourcing allows.
An error occurred while saving the commentShaun Titus commented
It turns out that the Recovery Services Vault also requires delete to prune old backups. The override should also apply in this scenario. This would allow customers to apply a delete lock at a subscription or resource group level which is much more manageable than resource-specific locks.
We are working on giving more control over authentication within Point-to-Site connectivity to Azure.