@bcb44 , thank you for reaching out to us. There is no direct documentation which is available for this as of now. But, after research, I found a similar setup's link. Since, you are looking for login using Azure AD, whitelisting login.microsoftonline.com:443
shall work and for safe-side, you can add *.login.microsoftonline.com:443
to allow all the matching URLs as well.
Check out similar issue here. The right thing to do is to ensure these and all the endpoints your applications needs, are allowed through the firewall.
-----------------------------------------------------------------------------------------------------------
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.