Hello Vladimiras Jakovlevas,
Greetings! Welcome to Microsoft Q&A Platform.
To allow access from a Dynamics 365 Microsoft managed environment to an Azure Blob Storage account, especially when dealing with firewall restrictions and private IPs, you can consider using Azure Private Link. Azure Private Link provides private connectivity from a virtual network to Azure services like Azure Storage, effectively bringing the service into your private network.
Azure Storage provides a layered security model. This model enables you to control the level of access to your storage accounts that your applications and enterprise environments demand, based on the type and subset of networks or resources that you use.
A best approach to achieve this is to create a Private Endpoint for your Azure Storage account, which assigns a private IP address from your virtual network to the storage account, and then configure DNS to ensure that the private endpoint is properly resolved within your Dynamics 365 environment. Update your firewall rules to allow traffic from the private endpoint associated with your Dynamics 365 environment.
By doing this, you can ensure that the traffic from Dynamics 365 to the Azure Storage account stays within the Azure network, bypassing the need to whitelist Azure backbone IPs. This method also enhances security by keeping data transfer off the public internet.
Refer to https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal for detailed guidance.
Hope this answer helps! Please let us know if you have any further queries. I’m happy to assist you further.
Please "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
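A check for the DNS step in the answer above, as an added example that is not part of the original answer: run from a host inside the virtual network, it reports whether the blob hostname resolves into the private endpoint's subnet or still to a public address. The account name `examplestore` and the subnet `10.1.2.0/24` are placeholders, and the sample addresses are constructed.

```python
import ipaddress
import socket

BLOB_SUFFIX = ".blob.core.windows.net"  # public Azure Blob hostname suffix


def resolve_ips(hostname):
    """Resolve hostname with the system resolver; return sorted unique IPs."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def classify(addresses, endpoint_subnet):
    """Compare resolved addresses with the private endpoint's subnet."""
    if not addresses:
        return "unresolved"
    subnet = ipaddress.ip_network(endpoint_subnet)
    ips = [ipaddress.ip_address(a) for a in addresses]
    if all(ip in subnet for ip in ips):
        return "private-endpoint"   # traffic goes to the private endpoint
    if any(ip.is_global for ip in ips):
        return "public"             # private DNS zone missing or not linked
    return "private-other"          # private, but not the expected subnet


def check_storage_dns(account, endpoint_subnet, resolver=resolve_ips):
    """Resolve <account>.blob.core.windows.net and classify the answer."""
    host = account + BLOB_SUFFIX
    try:
        addresses = resolver(host)
    except socket.gaierror:
        addresses = []
    return host, addresses, classify(addresses, endpoint_subnet)


if __name__ == "__main__":
    # Constructed resolver answers so the example runs offline; drop the
    # resolver argument to query the system resolver from inside the VNet.
    constructed = {
        "dns linked to vnet": ["10.1.2.5"],
        "dns not linked": ["20.60.1.10"],
        "wrong subnet": ["10.9.0.4"],
    }
    for label, answer in constructed.items():
        result = check_storage_dns("examplestore", "10.1.2.0/24",
                                   resolver=lambda host, a=answer: a)
        print(label, result)
```

A `public` result from inside the virtual network usually means the `privatelink.blob.core.windows.net` zone is not in the resolution path for that network, so requests would still reach the storage account's public endpoint and be subject to its firewall.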