Information
All standard switches and their port groups must be configured to reject guest MAC address changes. If the virtual machine operating system changes its MAC address, it can send frames with an impersonated source MAC address and so stage malicious attacks on devices within a network by impersonating a network adapter authorized by the receiving network. Rejecting MAC address changes at the switch and port group level prevents virtual machines from changing their effective MAC address, which mitigates the risk of MAC impersonation and the malicious activity it enables.
Solution
Get-VMHost -Name $ESXi | Get-VirtualSwitch -Standard | Get-SecurityPolicy | Set-SecurityPolicy -MacChanges $false
Get-VMHost -Name $ESXi | Get-VirtualPortGroup -Standard | Get-SecurityPolicy | Set-SecurityPolicy -MacChangesInherited $true
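
To confirm the setting before and after remediation, the following check reports the MAC change policy for each object. It is an added example, not part of the original audit item: the function name Get-MacChangeFinding is hypothetical, the sample objects are constructed so the block runs without a host connection, and it assumes the policy objects returned by Get-SecurityPolicy expose the MacChanges, MacChangesInherited, VirtualSwitch and VirtualPortGroup properties.

```powershell
# Added example: audit the MAC address change policy set by the Solution commands.
# Get-MacChangeFinding is a hypothetical helper name, not a PowerCLI cmdlet.
function Get-MacChangeFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Policy
    )
    process {
        # Port group policies carry MacChangesInherited; switch policies do not.
        $isPortGroup = $null -ne $Policy.PSObject.Properties['MacChangesInherited']
        if ($isPortGroup) {
            $scope = 'PortGroup'
            $name  = "$($Policy.VirtualPortGroup)"
        } else {
            $scope = 'Switch'
            $name  = "$($Policy.VirtualSwitch)"
        }

        # MacChanges is the effective value: $true means the guest may change its MAC.
        if ($Policy.MacChanges) {
            $status = 'FAIL: accepts MAC changes'
        } elseif ($isPortGroup -and -not $Policy.MacChangesInherited) {
            # Rejects today, but through a local override rather than the switch policy.
            $status = 'PASS: rejects via port group override'
        } else {
            $status = 'PASS: rejects'
        }

        [pscustomobject]@{
            Scope      = $scope
            Name       = $name
            MacChanges = [bool]$Policy.MacChanges
            Status     = $status
        }
    }
}

# Constructed sample policies standing in for Get-SecurityPolicy output.
$samplePolicies = @(
    [pscustomobject]@{ VirtualSwitch = 'vSwitch0'; MacChanges = $true }
    [pscustomobject]@{ VirtualPortGroup = 'VM Network'; MacChanges = $true; MacChangesInherited = $true }
    [pscustomobject]@{ VirtualPortGroup = 'DMZ'; MacChanges = $false; MacChangesInherited = $false }
)
$samplePolicies | Get-MacChangeFinding | Format-Table -AutoSize

# Against a live host, feed the same pipelines the Solution uses:
# Get-VMHost -Name $ESXi | Get-VirtualSwitch -Standard | Get-SecurityPolicy | Get-MacChangeFinding
# Get-VMHost -Name $ESXi | Get-VirtualPortGroup -Standard | Get-SecurityPolicy | Get-MacChangeFinding
```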