Hi,
If you want to block public access to storage account you need to create a private endpoint for it - your first option. Did you follow all needed steps for this? (including private dns)
https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints
Hope this helps!