And it generates this policy:

I think it would be better, if it would generate a policy to allow egress to 'vortex.data.microsoft.com' only. This would allow me, to build all dependency in learning mode and then switch to protect mode.

Nevertheless, the new visibility in connections makes creating policies easier for me.