Hi,
You can configure storage accounts to allow access only from specific subnets. The allowed subnets may belong to a VNet in the same subscription, or those in a different subscription, including subscriptions belonging to a different Azure Active Directory tenant.
Please see https://video2.skills-academy.com/en-us/azure/storage/common/storage-network-security
Best regards,
Radu