When logging into the vCenter Server associated with the workload domain, select the cluster (where vLCM, personality, or desired state is enabled) and go to the 'Update' tab. You may notice the following:

• The compliance status of hosts is displayed as unknown.
• The NSX-T upgrade for vLCM domains fails during the remediation process

VMware NSX-T Data Center
VMware Cloud Foundation 4.x

This issue occurs because, starting with vSphere 7.0 Update 1, enabling lockdown mode on hosts within vLCM-enabled clusters causes the host compliance status to be reported as unknown

This issue is addressed in VMware vSphere 7.0 Update 1c, which is available for download from Broadcom Downloads (Broadcom Downloads)