It’s definitely a high-effort approach to the problem. Most of the time it’s easier to just have “console” machines for administrative access (e.g. customer service reps that have one machine for phone, browsing, etc. and another that’s used purely for privileged access to the internal system.)
The local VM makes sense for cases where the user with privileged access also needs pretty substantial local capabilities. For instance, the only place I’ve seen this used was a major cloud provider, where people with a need for direct production access (not that many people) had one of their machines configured as a “secure console.” The host VM had the ability to call into production, but was very locked down – the user wasn’t admin, and AppLocker policies prohibited running anything but SSH and RDP clients. Meanwhile, there was a guest VM that they had admin on that could be used for engineering work, but it couldn’t talk to prod.
It’s not perfect, but it greatly reduces careless cross-contamination.
Thanks to the Courtesy of :