Moving this to General Product Topics since this not specific to vSEC.
Even if we had an Application Control category, you can't use Application Categories in the HTTPS Inspection rulebase.
For your specific use case, is it to reach ANYTHING in the Azure fabric or specific applications?
If just specific applications, then you can just put the specific IPs in as destinations in your HTTPS Inspection rulebase.
If you're talking about anything in Azure in general, we don't have a ready-made solution today.
That said there is functionality under development to support automatically updating dynamic objects for the purposes of using them in things like the HTTPS Inspection policy.
Right now this functionality is focused on Office 365, though I suppose it could be extended to Azure easily enough.
It's available as an Early Availability fix on top of R80.10.
If you're interested, I recommend reaching out to your local Check Point SE.