Azure portal login with hotmail accounts is blocked

Article ID: 233564

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Logging in to the Azure portal with a Hotmail account is blocked. Logging in with a corporate account is allowed.

The policy blocking the request is the following:

Cause

The following document explains which extensions are identified as executables (see "Object Code, Executable Files, Shared and Dynamically-Linked Libraries"):

https://techdocs.broadcom.com/us/en/symantec-security-software/web-and-network-security/web-security-service/help/wss-reference/advpol_filex10sions_ref.html

COM is one of the listed extensions. The HAR file shows that a user with the Hotmail user name "user123" (standing in for the real account name) accesses the following URL, which is blocked:

https://portal.azure.com/signin/index/@user123hotmail.onmicrosoft.com?feature.argsubscriptions=true&feature.globalresourcefilter=true&feature.internalgraphapiversion=true&feature.prefetchtokens=false&feature.showservicehealthalerts=true&loginHint=user123%40hotmail.com&sessionId=04d8ee8524564ad18f37029e2a5cba02

A shorter URL (https://portal.azure.com/signin/index/@user123hotmail.onmicrosoft.com) is blocked as well.

This shows that the "onmicrosoft.com" domain in the URL path is interpreted as a file extension (changing .com to .net is sufficient for the URL not to be blocked).
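The false positive described above can be checked offline when triaging a HAR capture. This added example is not Broadcom's code and not the Cloud SWG matching logic (which the page does not show); it assumes the extension is the text after the last dot of the final path segment, and the extension set beyond COM, the domain-like heuristic, the function names and the sample HAR are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed subset of extensions classed as executables; only COM is named on the page.
EXECUTABLE_EXTS = {"com", "exe", "dll"}

# Heuristic (assumption): an "@"-prefixed segment, or one with two or more dots
# made only of hostname characters, is a domain name rather than a file name.
DOMAIN_LIKE = re.compile(r"^@?[A-Za-z0-9-]+(\.[A-Za-z0-9-]+){2,}$|^@")


def last_segment(url):
    """Last path segment of the URL, percent-decoded; the query string is ignored."""
    return unquote(urlsplit(url).path).rsplit("/", 1)[-1]


def path_extension(url):
    """Text after the final dot of the last path segment, lowercased ('' if none)."""
    segment = last_segment(url)
    return segment.rsplit(".", 1)[1].lower() if "." in segment else ""


def triage_har(har):
    """Return (url, extension, domain_like) for requests an extension rule would match."""
    hits = []
    for entry in har["log"]["entries"]:
        url = entry["request"]["url"]
        ext = path_extension(url)
        if ext in EXECUTABLE_EXTS:
            hits.append((url, ext, bool(DOMAIN_LIKE.search(last_segment(url)))))
    return hits


# Constructed HAR fragment: the page's short URL, its .net variant, and a made-up download.
SAMPLE_HAR = {"log": {"entries": [
    {"request": {"url": "https://portal.azure.com/signin/index/@user123hotmail.onmicrosoft.com"}},
    {"request": {"url": "https://portal.azure.com/signin/index/@user123hotmail.onmicrosoft.net"}},
    {"request": {"url": "https://downloads.example/tools/setup.exe"}},
]}}

if __name__ == "__main__":
    for url, ext, domain_like in triage_har(SAMPLE_HAR):
        verdict = "likely false positive" if domain_like else "genuine file request"
        print(f"{ext.upper():4} {verdict:22} {url}")
```

Entries flagged as domain-like are the ones to cover with a narrowly scoped allow rule; the rest are requests the Executables rule is meant to catch.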

Resolution

The solution for this type of issue is to allow the Azure login domain and place that rule just above the rule blocking the Executables file type: