Moved my question into the new thread:
Currently I am facing the problem: how do I limit the outgoing traffic from an Azure VM to an Azure Database (PaaS)?
I have the database server named: m8abcdefghf7.database.windows.net but according to the docs the IP address associated may change at any time. Also there is no way to specify an FQDN (DNS name) in the NSG rule.
What is the way to limit the outgoing connections to the Azure hosted DB (or any other Azure services) without creating a rule to allow outgoing traffic to the full MS Azure IP address space?
This is one of the PCI DSS requirements and I can't see how I can satisfy it currently. Please assist.