Normally customers create a specific user account with specific access/permissions on the vCenter side of things and configure that user in the UIM vmware probe to control/restrict administrative access.
You can restrict access on the vCenter side by creating a user in vCenter that only has access to the machines you want, and then configure the vmware probe to use those credentials. Depending on your specific requirements, you might need to use multiple vmware probes on different robots with different origins, each configured with a different set of vCenter creds that can access specific vCenters/VMs.
1. Create a separate special administrative-level user on the vCenter side.
2. Restrict permissions to one or more Virtual Machines
3. Configure that user in the vmware probe
4. Cold start the vmware probe (Deactivate-Activate)
5. Check the results to make sure the user does not have access to those VMs, hence they cannot be monitored by the vmware probe and cdm will take precedence for monitoring and no new/further dupes should be possible.
vmware probe discovery:
How to exclude specific VMs from vmware probe discovery
VMWare probe - disable discovery of virtual machines (VMs)
Best Practices for vCenter Server Access Control
vSphere permissions and user management