Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to know if we can only allow access to Microsoft services using NSG.
Currently, this won't be feasible using NSG.
We do not have an explicit Service Tag that we can use in an NSG for Office365 services currently.
However, you can do this by using an Azure Firewall.
You can find a list of Office 365 URLs and IP address ranges here.
You must configure the Azure Firewall to only allow the above URLs and IP address ranges.
These below documents may come in handy:
- What is Azure Firewall?
- Deploy and configure Azure Firewall using the Azure portal
- Azure Firewall Policy rule sets
- Rule processing using Firewall Policy
Hope this helps.
Please let me know should you require more information.
Cheers,
Kapil