Create Azure Firewall and configure Application rules. Do not create network allow rule for port 80, 443 as it will take effect and the application rules are not taken into effect.
So in the Application rules, create a deny all rule with less priority and allow rules for the websites that you wish to allow with higher priority.
It is important to force all traffic from the VM to Firewall so that Firewall can process the traffic. This can be achieved by adding route table to the VM subnet