This isn't possible in a VM offer. You can, however, achieve this customer experience using an Azure App. When you create a Solution Template based on an ARM template, you can define which VM size options are presented to the user.
Hope this helps!
Thanks Brian for the suggestion.
We cannot use a Solution Template since the artifacts used for deploying have to be made public. In order to restrict this, a Managed App looked like it would solve this issue but this also has a challenge: When a user deploys a managed app, we (as a vendor) will always have read only access to the user's resources, including ability to view logs, metrics. We want to avoid any kind of access into a users environment. There's no way to disable this in the listing. Is that accurate?
Solution Template and Managed App should really be same except that Managed App does provide the ISV management permissions in the customer's tenant. Can you elaborate on your comment about artifacts needing to be public? Do you want them to be public or not public?
Our artifacts, e.g. the Azure image cannot be made public which is a requirement when using a Solution Template. Is that correct?
The option to use a Managed app is in response to the issue above with a Solution Template, where we can restrict the Azure image from users. However, as you said, the Managed App grants the ISV management permissions in the customer's tenancy. This is different from a VM offer where the ISV has no access to the customers resources, even though it's Read only. The Managed App hence has an additional legal implication for the ISV gaining access to the customers resources and there's no way to disable this Read Only access with a Managed App.
Due to these complications with a Solution Template & Managed App, the original question: how can we restrict the Azure Image being used for a VM offer?
When using a Solution Template, your software would actually be a VM Image exactly like a VM Image offer but deployed as a set of resources rather than only the VM. So the privacy and security of your solution would be the same with a VM Image or a Solution Template, and the benefit of the latter is that you can restrict the VM size options, etc.
In fact, the way to do it is to create the VM Image offer, configure it to be private (meaning it's not discoverable without the unique name you've defined), and then design the Solution Template to deploy that hidden VM image.
Does this make sense or is my explanation a bit confusing?
That does make sense. However, my question still holds: In a VM offer, the image (VHD) is in a blob store location where public access has to be granted. How can we restrict access to the image that's part of the offer?