I am trying to setup Business central to push files into an Azure storage account which will be integrated into business central configuration, While we are able to achieve this there is a huge security concern that the storage account is connected over public endpoint and only using key authentication. This is a concern because the data will be PII and we have to keep storage account open to all networks. 

• We have tried to use IPs from Business central service tags in whitelisted IPs for storage account but failed because both BC and Storage account is in same region. We got to know in case of same reason BC doesn't use public network to connect it uses MS private network instead which is causing this. 

So, the question is, Do we have any other way to keep the storage account secured and not open to all and still be able to connect to it with Business central.  I am assuming this is a common security concern that you might have seen before considering the nature of data people deal with within BC.