dmauser / opnazure

This template allows you to deploy an OPNsense Firewall Azure VM using the opnsense-bootstrap installation method


Add NAT rule to always connect to WAAgent using the correct IP Address

giggio opened this issue

I just had a problem when I added a second IP address on Azure to the WAN interface. When getting the IP addresses, the new one ended up higher in the hierarchy, and when requests were made to 168.63.129.16 they failed, because it will only accept requests from the primary address. See here:

  • Why is my request timed out for my call to the service?
    Metadata calls must be made from the primary IP address assigned to the primary network card of the VM. Additionally, if you've changed your routes, there must be a route for the 169.254.169.254/32 address in your VM's local routing table.

Even though this is for the metadata address, the rule also applied to the .16 one.

Once I added an outbound NAT rule to always use the primary address it started working again.

How to test it:

  1. add a second ip address to the WAN interface via Azure Portal
  2. make sure the new address shows up in Interfaces > Overview.
  3. curl http://168.63.129.16/?comp=versions

It could be that, for some reason, your system does not use the new address, but it happened on mine, I detected it with packet sniffing.
Also, the VM won't be able to connect to the agent backend after that and will show up as "not ready" for "agent status" on the overview page.
Interesting side note: firewall rules show the packet going out, the rule passes, but it never gets a response.

More info:
What is IP address 168.63.129.16?
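The issue above describes two things: detecting the misbehaviour with packet sniffing (platform requests leaving from the non-primary WAN address), and the outbound NAT rule that pins those requests to the primary address. The script below, an added example that is not part of the issue or the opnazure project, does both offline: it parses tcpdump-style lines from a constructed capture to flag packets to 168.63.129.16 or 169.254.169.254 that are not sourced from the primary IP, and emits the equivalent pf `nat` rule text. The interface name `vtnet0`, the primary IP `10.0.1.4` and the secondary IP `10.0.1.5` are assumptions; in OPNsense the rule is normally created in the GUI under Firewall > NAT > Outbound rather than as raw pf text.

```python
import re
from ipaddress import ip_address

# Azure platform endpoints that only answer requests sourced from the VM's
# primary private IP (the point the issue makes about 168.63.129.16).
WIREAGENT_IP = "168.63.129.16"
IMDS_IP = "169.254.169.254"
PLATFORM_TARGETS = (WIREAGENT_IP, IMDS_IP)

# Constructed sample, not a real capture: what `tcpdump -n -i vtnet0` on the
# OPNsense WAN interface might show after a second IP (10.0.1.5) was added and
# the system started sourcing platform traffic from it. 10.0.1.4 is the
# assumed primary private IP. Note the repeated SYN from 10.0.1.5: the rule
# passes the packet out, but nothing ever comes back, so the client retries.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 10.0.1.4.50001 > 168.63.129.16.80: Flags [S], seq 1, win 65535, length 0
12:00:01.000002 IP 168.63.129.16.80 > 10.0.1.4.50001: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:05.000001 IP 10.0.1.5.50002 > 168.63.129.16.80: Flags [S], seq 3, win 65535, length 0
12:00:06.000001 IP 10.0.1.5.50002 > 168.63.129.16.80: Flags [S], seq 3, win 65535, length 0
12:00:07.000001 IP 10.0.1.5.50003 > 169.254.169.254.80: Flags [S], seq 4, win 65535, length 0
12:00:08.000001 IP 10.0.1.5.50004 > 8.8.8.8.53: UDP, length 40
"""

# Matches the "IP src.port > dst.port:" part of a tcpdump -n line.
_PKT_RE = re.compile(r"\bIP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")


def find_missourced_platform_packets(capture, primary_ip):
    """Return (src, dst) pairs for packets to an Azure platform endpoint that
    were NOT sent from the primary IP; those are the ones Azure ignores."""
    bad = []
    for line in capture.splitlines():
        m = _PKT_RE.search(line)
        if not m:
            continue
        src, _, dst, _ = m.groups()
        if dst in PLATFORM_TARGETS and src != primary_ip:
            bad.append((src, dst))
    return bad


def outbound_nat_rules(wan_if, primary_ip):
    """pf 'nat' rules that rewrite the source of traffic to the platform
    endpoints to the primary IP, i.e. the outbound NAT rule the issue
    describes, expressed as pf text for illustration (assumed interface name)."""
    ip_address(primary_ip)  # raises ValueError on a malformed address
    return [f"nat on {wan_if} from any to {target} -> {primary_ip}"
            for target in PLATFORM_TARGETS]


if __name__ == "__main__":
    primary = "10.0.1.4"  # assumed primary private IP of the WAN NIC
    for src, dst in find_missourced_platform_packets(SAMPLE_CAPTURE, primary):
        print(f"platform request to {dst} sourced from non-primary {src}")
    print("\n".join(outbound_nat_rules("vtnet0", primary)))
```

Run it on a real capture by replacing `SAMPLE_CAPTURE` with the output of `tcpdump -n -i <wan_if> host 168.63.129.16 or host 169.254.169.254`; any hit means the agent will go "not ready" exactly as the issue describes, and the NAT rule (or a second WAN NIC / load balancer, as the maintainer suggests) is what fixes it.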

Tks for your comment here. That's an Azure limitation; the preferable way to use a second Public IP address would be creating a second WAN NIC and using the IP there, or adding a Load Balancer to handle it.

Why not just add the rule? People who use this project could end up wasting hours like I did.