Last year the Azure Automation team introduced so-called hybrid workers. With this feature, the AzA database and management services still reside in the Microsoft cloud, but some or all of the work can be performed on servers in your datacenter (or in a different cloud) and which you control.
One of the original challenges to implementing hybrid workers was all of the ports that had to be opened between the hybrid workers and the management components in the cloud. Much of it was easy. The hybrid worker could be fully configured and reporting to the core of the management system using only port 443. But to actually pick up work, the hybrid workers needed to talk to the Azure Service Bus, which required opening up a whole lot of ports to a whole lot of IP addresses. Some network security teams get cranky when you ask them to do that.
Recent updates modified the network requirements, and radically simplified the port requirements.
Now, the only hole that needs to be opened on the corporate firewall is outgoing TCP on port 443. It is now a simple, well understood, reasonable request to the network security team. And in most companies, that connectivity is already in place.