In this video, demonstrated private endpoints for Azure.

You can use private endpoints for your Azure Storage accounts to allow clients on a virtual network (VNet) to securely access data over a Private Link. The private endpoint uses a separate IP address from the VNet address space for each storage account service. Network traffic between the clients on the VNet and the storage account traverses over the VNet and a private link on the Microsoft backbone network, eliminating exposure from the public internet.

Using private endpoints for your storage account enables you to:
Secure your storage account by configuring the storage firewall to block all connections on the public endpoint for the storage service.
Increase security for the virtual network (VNet), by enabling you to block exfiltration of data from the VNet.
Securely connect to storage accounts from on-premises networks that connect to the VNet using VPN or ExpressRoutes with private-peering.