@Bombbe I understand you are running Ubuntu updates on Azure VMs but facing issues with maintaining a list of IPs in your firewall for http://azure.archive.ubuntu.com. Please correct me if I am misunderstanding anything.
Unfortunately, there is not currently an equivalent Linux/Ubuntu tag for AzureUpdateDelivery. One thing you might consider is running an Azure Firewall instead of local firewall. This would allow you to use FQDN filtering in your network rules.
If you are not open to using Azure Firewall consider using your own private mirror or proxy. This thread gives several great workaround suggestion.
Hope this helps. Let me know if you run into any issues or have further questions.
Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.