Protect your VM against rogue host administrators
What a curious concept. Well I guess it actually makes sense in a large organization, but the traditional way to handle that was separation of concerns and good architecture. Come to think of it, "good" can be tricky.
There is one thing this is going to be useful though, it's a hybrid (on premises & hosted) cloud, where user can be assured that some services won't ever move to the hosted cloud (but are otherwise free to move between on premises, selected "trusted" hosts). Interesting that apparently Microsoft is not trying to sell it this way (with Azure, of course).