I have had a few customers who wanted to whitelist or lock down the Azure IP datacenter traffic. The good news is we have an IP subnet list of Azure Compute services (e.g. VMs, VM scale sets, Batch, Service Fabric, Container service, SQL, HPC and App Service) available for download on up to a weekly basis.
This worldwide datacenter IP list refreshes itself every week on Wed so make sure you pull this feed prior to the following Monday if you want to remain ahead of the new subnet updates.
If you want to whitelist U.S. datacenters only there are six datacenters uswest, useast, useast2, usnorth, ussouth, and uscentral to parse. This is the sample view of the IP list feed:
Grab the Azure Compute datacenter weekly IP subnet list here.
What are my network options to secure Azure VMs?
There are several options available to secure and isolate your Azure VMs such as NSGs, OS Firewall, and 3rd party virtual appliance firewall within Azure. See this excellent Network Security guide here: