Thanks Sindy. That looks great.
I will give it a try soon. In the meantime, I just used a policy VPN gateway in Azure and used the standard IPSEC policy based setup in Mikrotik (with my custom profile and policy settings), which worked perfectly.
Mark