You have a resource group named RG1. You need to prevent the creation of virtual machines in RG1, while still allowing other resource types to be created. What should you use?