You can enable or disable normal lockdown mode in VMware Cloud Foundation to increase the security of your ESXi hosts.

To enable or disable normal lockdown mode in VMware Cloud Foundation, you must perform operations through the vCenter Server. For information on how to enable or disable normal lockdown mode, see "Lockdown Mode" in vSphere Security at https://docs.vmware.com/en/VMware-vSphere/index.html.

You can enable normal lockdown mode on a host after the host is added to workload domain. VMware Cloud Foundation creates service accounts that can be used to access the hosts. Service accounts are added to the Exception Users list during the bring-up or host commissioning. You can rotate the passwords for the service accounts using the password management functionality in the SDDC Manager UI.