You can activate or deactivate normal lockdown mode in VMware Cloud Foundation to increase the security of your ESXi hosts.

To activate or deactivate normal lockdown mode in VMware Cloud Foundation, you must perform operations through the vCenter Server. For information on how to activate or deactivate normal lockdown mode, see "Lockdown Mode" in vSphere Security at https://docs.vmware.com/en/VMware-vSphere/index.html.

You can activate normal lockdown mode on a host after the host is added to workload domain. VMware Cloud Foundation creates service accounts that can be used to access the hosts. Service accounts are added to the Exception Users list during the bring-up or host commissioning. You can rotate the passwords for the service accounts using the password management functionality in the SDDC Manager UI.