Can a SQL VM machine be added to a Azure Resource Group whereby only a select group of users have access to the VM machine excluding the tenant Admin. To reiterate the list of users that can access the VM machine differ to the tenant admin who would be unable to access the VM machine; unless granted the login details?
I understand this is maybe at odds with general practice however it would be helpful to understand whether the security model supports such a situation.
