
Role based access to Azure Blob Storage


I have Azure storage account and Azure VM with my application deployed on it. I am accessing Azure storage account from VM using Managed Identity authentication.

Now I would like to be able to limit access by using Roles.

How can I enable role-driven access to the storage account?

Scenarios that I have tried:

  1. Enable public access in networking for storage account, no matter if there is role or not, I could access the storage account.
  2. Disable public access, no matter the role I keep getting 403 Unauthorised.

Solution

  • I think you are misunderstanding the public access under networking. This does not limit someone from accessing based on roles. It allows any public IP address to connect to the Service.

    If you disable public network access, then you need to deploy private endpoints to access the service.

    If you want to control role-based access, you need to configure Access Control (IAM) / RBAC. Also ensure that anonymous access is disabled and, optionally, disable storage key access. You can configure access by assigning one of the Storage Data Roles https://learn.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage (e.g. Storage Blob Data Contributor) either on the Storage Account or on just one container.

    https://learn.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal

    Edit: If you access the Storage Account via the Portal, either enable "Default to Microsoft Entra authorization in the Azure portal" or switch to Entra authorization when opening the blob tab. Otherwise you will get an error when key-based access is disabled, or you will by default use key-based authentication instead of Entra.
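The answer's core point is that the two 403s in the question have different causes: one comes from the network layer (public network access disabled, firewall), the other from the data-plane authorization layer (no storage data role on the scope). The Blob service reports which one applies in its error code. The following is an added example, not code from the question or answer: it builds the ARM scope string you would hand to a role assignment for a single container, parses the XML error body the Blob service returns, and maps the documented error codes to the setting that actually needs changing. The subscription, resource group, account and container names are constructed placeholders; the optional live check uses the `azure-identity` and `azure-storage-blob` packages and is only invoked when you call it from a VM with a managed identity.

```python
"""Tell a storage-firewall 403 apart from an RBAC 403 (added example).

The role-assignment scope format is the standard ARM resource ID for a
blob container; the error codes are the ones the Blob service puts in the
x-ms-error-code header and in the <Code> element of its XML error body.
"""
import re
from typing import Optional

# What each authorization-related error code means for the settings discussed
# in the answer (network access vs. IAM roles vs. shared-key access).
ERROR_CAUSES = {
    "AuthorizationFailure": (
        "Blocked by the storage firewall / 'public network access' setting. "
        "Roles are not consulted at this layer: allow the caller's network or "
        "use a private endpoint."
    ),
    "AuthorizationPermissionMismatch": (
        "Entra authentication succeeded but the identity holds no storage data "
        "role on this scope. Assign e.g. Storage Blob Data Reader/Contributor on "
        "the account or the container."
    ),
    "KeyBasedAuthenticationNotPermitted": (
        "Shared-key access is disabled on the account; the client must use an "
        "Entra credential (managed identity) instead of the account key."
    ),
}


def role_assignment_scope(subscription_id: str, resource_group: str,
                          account: str, container: Optional[str] = None) -> str:
    """Return the ARM resource ID used as --scope for a role assignment.

    With container=None the scope is the whole storage account; with a
    container name it is narrowed to that one container.
    """
    scope = (f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
             f"/providers/Microsoft.Storage/storageAccounts/{account}")
    if container:
        scope += f"/blobServices/default/containers/{container}"
    return scope


def parse_error_code(xml_body: str) -> Optional[str]:
    """Extract <Code>...</Code> from a Blob service XML error response."""
    match = re.search(r"<Code>([A-Za-z]+)</Code>", xml_body)
    return match.group(1) if match else None


def explain_403(error_code: Optional[str]) -> str:
    """Map a storage error code to the setting a defender should check."""
    if error_code in ERROR_CAUSES:
        return ERROR_CAUSES[error_code]
    return f"Unrecognised error code {error_code!r}; inspect the full response."


def check_blob_access(account_url: str, container: str) -> str:
    """Live probe from an Azure VM using its managed identity (network required).

    Imports are local so the pure helpers above work without the Azure SDKs.
    """
    from azure.core.exceptions import HttpResponseError
    from azure.identity import ManagedIdentityCredential
    from azure.storage.blob import BlobServiceClient

    client = BlobServiceClient(account_url, credential=ManagedIdentityCredential())
    try:
        # Listing blobs needs a data role (e.g. Storage Blob Data Reader).
        next(client.get_container_client(container).list_blobs(), None)
        return "OK: identity can list blobs in the container"
    except HttpResponseError as exc:
        return explain_403(exc.error_code)


# Constructed sample: the body the Blob service returns when the managed
# identity authenticates but has no data role on the container.
SAMPLE_RBAC_403 = (
    '<?xml version="1.0" encoding="utf-8"?>'
    "<Error><Code>AuthorizationPermissionMismatch</Code>"
    "<Message>This request is not authorized to perform this operation using "
    "this permission.</Message></Error>"
)

if __name__ == "__main__":
    print(role_assignment_scope("00000000-0000-0000-0000-000000000000",
                                "my-rg", "mystorageacct", "app-logs"))
    print(explain_403(parse_error_code(SAMPLE_RBAC_403)))
```

The scope string is what goes into `az role assignment create --assignee <principal-id> --role "Storage Blob Data Contributor" --scope <scope>` for the VM's managed identity; assigning it on the container ID rather than the account ID is the least-privilege option the answer mentions. Disabling the account key path (`az storage account update --allow-shared-key-access false`) is what turns a stray key-based client into `KeyBasedAuthenticationNotPermitted` instead of silently bypassing the roles.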