Yes, you can set authentication for this.
Login to SEPM
Clients page
Select your relevant group
Policies tab
Under Settings select General Setting
Security Settings tab
Check the box for "Require a password to stop the client service"
Click OK and once the client pickd up the policy change, run smc -stop and it will ask for the password