login.microsoftonline.com is a globally distributed service with multiple IP addresses. If it is possible I would suggest outbound proxy filtering by hostname (FQDN) instead of IP for such endpoints or else you end up with a huge maintenance overhead if a vendor e.g. Microsoft change the IP address.
If you are using Azure Firewall then this is the feature https://learn.microsoft.com/en-us/azure/firewall/fqdn-filtering-network-rules
Similar features exist with Fortigate etc..