FortiGate
kumarh (Staff)
Article Id 383428
Description: This article describes how to configure FortiGate to allow all users to access Microsoft Azure services while restricting access to all other internet traffic.
Scope: FortiGate.
Solution

The configuration consists of three key firewall policies:

  1. Allowing DNS traffic for domain resolution.
  2. Allowing traffic to Azure services.
  3. Blocking all other internet traffic.

Without a policy that permits DNS resolution, users cannot reach Azure services by hostname, so the DNS policy must be in place before the Azure policy is useful.

  1. Create a policy to allow DNS traffic. This makes sure users can resolve domain names before accessing Azure services.

  2. Create a policy to allow Azure traffic. This lets users reach only the Azure services specified as the policy's destination.

  3. Create a firewall policy to block all other traffic.

After applying the above configuration, users will only be able to access Microsoft Azure services while all other internet traffic remains blocked.

Note: Make sure both Allow policies (DNS and Azure) are placed above the Block policy. FortiGate evaluates firewall policies top-down and applies the first match, so a Block policy placed above them would deny the traffic they are meant to permit.
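The three policies expressed in FortiOS CLI, added here as an example and not taken from the article or its screenshots. The interface names port1 (LAN) and port2 (WAN), the address object LAN_net and the Internet Service Database entry name "Microsoft-Azure" are assumptions; verify them on your own unit before applying.

```fortios
# Added example (not from the article). Assumed names: port1 = LAN, port2 = WAN,
# LAN_net = internal subnet object, "Microsoft-Azure" = ISDB entry for Azure.
# Confirm the ISDB name on the unit: show firewall internet-service-name | grep -i azure
config firewall policy
    # 1. Allow DNS so Azure hostnames can be resolved.
    #    Tighten dstaddr to your actual DNS servers rather than "all" where possible.
    edit 1
        set name "Allow-DNS"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "LAN_net"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "DNS"
        set nat enable
        set logtraffic utm
    next
    # 2. Allow traffic to Azure, matching the destination via the ISDB entry
    #    instead of maintaining a hand-written list of Azure IP ranges.
    edit 2
        set name "Allow-Azure"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "LAN_net"
        set internet-service enable
        set internet-service-name "Microsoft-Azure"
        set action accept
        set schedule "always"
        set nat enable
        set logtraffic all
    next
    # 3. Explicit deny for everything else. The implicit deny would also drop it,
    #    but an explicit policy with logtraffic all lets you see what is blocked.
    edit 3
        set name "Block-Other-Internet"
        set srcintf "port1"
        set dstintf "port2"
        set srcaddr "LAN_net"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    # Policies match top-down: make sure the deny sits below both allow policies.
    move 3 after 2
end
```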