I assume you mean the azure firewall is blocking. If you know the ip range of the users you can add the range. Otherwise you need to really open to any ipaddress (not a good idea).
you may also want look at a private vpn or application gateway.
a better design is for azure to host a webapi to the Sqlserver that the desktop app uses.