Ed,
My apologies. I was able to contact a MSFT engineer that was involved on creating those server.database.secure.windows.net domains. He said the secure.database.windows.net connects to a security proxy in the region. It was intended for use with Sql Auditing and clients <TDS 7.0. However, at this time SQL AUditing no longer uses that domain. That domain was documented previously on Microsoft Learn but as SQL Auditing was no longer using it, then that part of the documentation was removed.
So you can safely remove those entries related to The xxxxxx.secure.database.windows.net and leave the only those entries with domain names like xxxxx..database.windows.net .
My apologies again.
Thank you for visiting Microsoft QA forums.