Here is a working configuration for the newer Route Based Azure S2S, tested on Edgerouter Lite with firmware 1.8.5 and ARM.
set vpn ipsec esp-group esp-azure pfs disable set vpn ipsec esp-group esp-azure mode tunnel set vpn ipsec esp-group esp-azure proposal 1 set vpn ipsec esp-group esp-azure proposal 1 encryption aes256 set vpn ipsec esp-group esp-azure proposal 1 hash sha1 set vpn ipsec esp-group esp-azure compression disable set vpn ipsec ike-group ike-azure set vpn ipsec ike-group ike-azure lifetime 10800 set vpn ipsec ike-group ike-azure proposal 1 set vpn ipsec ike-group ike-azure proposal 1 dh-group 2 set vpn ipsec ike-group ike-azure proposal 1 encryption aes256 set vpn ipsec ike-group ike-azure proposal 1 hash sha1 set vpn ipsec ike-group ike-azure key-exchange ikev2 set vpn ipsec ipsec-interfaces interface eth0 set vpn ipsec logging log-modes all set vpn ipsec nat-traversal enable set vpn ipsec site-to-site peer <AzurePublicIP> set vpn ipsec site-to-site peer <AzurePublicIP> local-address any set vpn ipsec site-to-site peer <AzurePublicIP> authentication mode pre-shared-secret set vpn ipsec site-to-site peer <AzurePublicIP> authentication pre-shared-secret <YourPSK> set vpn ipsec site-to-site peer <AzurePublicIP> connection-type initiate set vpn ipsec site-to-site peer <AzurePublicIP> default-esp-group esp-azure set vpn ipsec site-to-site peer <AzurePublicIP> ike-group ike-azure set vpn ipsec site-to-site peer <AzurePublicIP> tunnel 1 set vpn ipsec site-to-site peer <AzurePublicIP> tunnel 1 esp-group esp-azure set vpn ipsec site-to-site peer <AzurePublicIP> tunnel 1 local prefix <YourLocalPrefix> set vpn ipsec site-to-site peer <AzurePublicIP> tunnel 1 remote prefix <YourRemotePrefix> set vpn ipsec site-to-site peer <AzurePublicIP> tunnel 1 allow-nat-networks disable set vpn ipsec site-to-site peer <AzurePublicIP> tunnel 1 allow-public-networks disable set vpn ipsec auto-firewall-nat-exclude enable