Credential Guard is meant to isolate secrets so that only privileged system software can access them. In this case it protects the relationship / domain credentials between the client and the domain. Each client has unique secrets between itself and the domain that only that client and the domain controller can decrypt. When you go from one VM to another VM or have a manager like VMM between them, it needs prompt the user for a password to maintain this promise of isolating these secrets.
Unfortunately, this means this behavior is by design to maintain the Credential Guard promise outlined in the above link.