One of the use cases is to allow the QA team users to access the image and deeply the VM with no permission to the Azure portal and other resources.
DevTest Labs User from Azure looks satisfying the below requirements.
- Requirement to only provide DevTest Lab User role to individual QA Testers (and not groups) to isolate one users VMs from another.
- Ability to turn off marketplace images so users can deploy virtual machines only from approved images.
- Ability to restrict virtual machine sizes to only pre-approved sizes.
- No need to create per-user resource groups to apply RBAC and restrict access to specific users.
- Ability to create “formulas” that are a preconfigured collection of virtual machine settings alongside an image, to further simplify virtual machine deployment.