The malicious IP detection functionality of OMS can not only detect the outgoing communication from your Azure VM to a malicious target.
It can also detect incoming connection attempts to your Azure VMs. For example you would like to know who tries to access your Azure VM via RDP. Then you should give OMS with the Security & Audit solution a try.
In combination with the Alerting Preview you can get informed automatically when someone tries to access your Azure VM via RDP.