A client has a scenario where a VM has been deployed in Azure with an on-premises gateway installed for Power Apps and flows. Currently, this VM has full internet access via the firewall so that the team can test and make sure everything is working fine.
The client has now requested that we limit the traffic for this VM just to the O365/Power Platform environment.
So, after a lot of research, trial and error, I have successfully been able to lock down the VM so that it can only access the Power Platform resources required. This was not easy, with a number of IP groups created and applied on the firewall, as well as access to common services and some specific URLs.