Makes sense, I’m so accustomed to making virtual machines and such that it becomes just a thing but inevitably at some point admin access was required to create the hypervisor, the vnic, a virtual switch, etc. Without that restriction a piece of malware could readily exfiltrate data past a local protection by just making it’s own new pathway through on the fly or any number of other unpleasant things.