All SPLA relevant Windows VMs need to be scanned directly as well, in order to report them on the SPLA reports, as scanning them over the Hypervisors only extracts basic info about the VM but doesn’t retrieve any info that is present inside the VM, including any software/users that are present on it.