You need to ensure that only approved applications can access your Azure storage account. What should you configure?
Firewall rules restrict network access to approved sources.
Why this answer
Firewall and virtual network settings with service endpoints allow you to restrict access to specific VNets and IP ranges. Option B is wrong because shared access keys do not restrict by application. Option C is wrong because Azure RBAC controls user permissions, not application access.
Option D is wrong because private endpoints provide private IP connectivity but still require additional controls to restrict by application.