You can create a rule like below:
<rule name="rule1" enabled="true" stopProcessing="true">
<match url="^owa(.*)$" />
<conditions>
<add input="{REQUEST_URI}" pattern="^/owa/auth/logon.aspx(.*)$" negate="true" />
</conditions>
<action type="AbortRequest" />
</rule>
After that, all of the requests which start with https://webapp.mydomain.net.br/owa
will be blocked except request start with https://webapp.mydomain.net.br/owa/auth/logon.aspx
If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.