"Virtual IP of the host node: Basic infrastructure services like DHCP, DNS, IMDS, and health monitoring are provided through the virtualized host IP addresses 188.8.131.52 and 169.254.169.254. These IP addresses belong to Microsoft and are the only virtualized IP addresses used in all regions for this purpose. Effective security rules and effective routes will not include these platform rules. To override this basic infrastructure communication, you can create a security rule to deny traffic by using the following service tags on your Network Security Group rules: AzurePlatformDNS, AzurePlatformIMDS, AzurePlatformLKM. "
Currently my outbound rules are the 3 default rules. I plan to lock down outbound traffic. Does the last sentence above imply even if I lock down outbound traffic, these Azure platform traffic won't be affected unless I explicitly deny with AzurePlatformDNS, AzurePlatformIMDS, AzurePlatformLKM?