Okay. So I haven't resolved the above, but I've now added a 10 Second NetWatch to Azure. On Down state I've added -
:log info "IPSEC Down"
:ip ipsec installed-sa flush
This kills the connection and it re-establishes immediately. Seems okay as an immediate workaround.