https://imgur.com/gallery/PWsbmjN
After much battling and trial and error, I finally cracked this last step of the azure routebased ipsec vpn.\
Basically, follow this https://docs.opnsense.org/manual/how-tos/ipsec-s2s-route-azure.html then add the above rule. Left the wan links in for context with multi-wan.