As a sysadmin I also hate this. Instead, I do block stuff based on DNS requests and I also block any other DNS provider as well as malicious IPs.

At this point in time, Microsoft is the bigger enemy here - some of their policies are just insane and none of this MITM will help [0][1]

[0] https://www.microsoft.com/en-us/microsoft-365/roadmap?id=490...

[1] https://techcommunity.microsoft.com/blog/microsoft365copilot...