That sounds unfortunate. I imagine it must've been time-critical, some side-effect of Docker being virtualised? I'd guess the hands-on approach was to avoid a full service disruption that a full shutdown would've caused.

That aside, shielded VM's are very rare, most providers have the ability to see inside VM's, issue commands in them.