When connecting to an Azure SQL DB endpoint (somename.database.windows.net), your IP must be listed in that endpoint’s (server’s) firewall:
If you’re connecting to your Azure SQL DB from SQL Server Management Studio 2016 and your IP address is not in the list, SSMS will offer to add it:
You’ll need to sign in with a Microsoft Account or Azure AD account that has permissions to modify those firewall settings. That account’s default directory must be the directory that’s associated with the subscription where the Azure SQL DB server is created though. If it isn’t, you’ll get this error message:
An error occurred while creating a new firewall rule (HTTP Status Code 401)) (ConnectionDlg)
Which as you can see isn’t exactly telling you what the problem is.
How can you change your default directory? Apparently, that’s a feature that’s been requested for more than 2 years: https://feedback.azure.com/forums/223579-azure-portal/suggestions/6239996-choose-default-directory