As a sysadmin I also hate this. Instead, I do block stuff based on DNS requests and I also block any other DNS provider as well as malicious IPs.
At this point in time, Microsoft is the bigger enemy here - some of their policies are just insane and none of this MITM will help [0][1]
[0] https://www.microsoft.com/en-us/microsoft-365/roadmap?id=490...
[1] https://techcommunity.microsoft.com/blog/microsoft365copilot...