@Love Arinze
Based on the information you provided, it seems like you want to restrict outbound connectivity for VM2 only and it is in the same subnet as VM1. One way to achieve this is by using Network Security Groups (NSGs). A network security group contains security rules that allow or deny inbound network traffic to, or outbound network traffic from, several types of Azure resources.
You can go to the NSG associated with the NIC of your VM2 and restrict outbound access as shown below. You can use the internet service tag which contains the IP address space that's outside the virtual network and reachable by the public internet.
If there is no NSG applied to the NIC you can apply the rule to the NSG associated to the subnet as well with Source as VM2's private IP. I hope this helps! Let me know if you have any further questions.