Hi @Anonymous
Thank you for asking this question on the **Microsoft Q&A Platform. **
I am not from Microsoft, but I think I can answer you.
The Storage Account Firewall is a Static Firewall, which means it doesn't have capabilities for Malicious IPs Detection, Intrusion prevention, SQL Injection, OWASP recommendations/rules, DDoS.
With the Storage Account Firewall, you only can allow VNets, Private Endpoints, or specific Publics IPs
Indeed, you'll require an additional NVA or "Azure Firewall" service to achieve this goal
Hope this helps!
----------
Accept Answer and Upvote, if any of the above helped, this thread can help others in the community looking for remediation for similar issues.
NOTE: To answer you as quickly as possible, please mention me in your reply.