An inbound network security rule allows traffic from /0 TF-AZU001

Firewall source IPs must be restrictive. Specifying a non restrictive IP range allows your infrastructure to send traffic to unauthorized IP ranges. Specify a restrictive source IP range in the source_addresses attribute. Refer https://docs.microsoft.com/en-us/azure/firewall/overview for an overview.