Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice. One common way to manage this is to create a 'deny-by-default' firewall policy, which requires a service to be added as an explicit exception before it is allowed access.
In Azure Console -
In Terraform -
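As an added example (not taken from the original page or from the provider documentation), the configuration below shows the weak `default_action = "Allow"` setting, commented out, beside a deny-by-default rule set with explicit exceptions. The resource names, location, and address range are constructed placeholders, and `allowed_subnet_ids` is a hypothetical variable.

```hcl
provider "azurerm" {
  features {}
}

# Hypothetical input: subnet IDs that should be allowed through the firewall.
variable "allowed_subnet_ids" {
  type    = list(string)
  default = []
}

# Constructed placeholder resources so the rule has something to attach to.
resource "azurerm_resource_group" "example" {
  name     = "example-rg"
  location = "westeurope"
}

resource "azurerm_storage_account" "example" {
  name                     = "examplestorageacct"
  resource_group_name      = azurerm_resource_group.example.name
  location                 = azurerm_resource_group.example.location
  account_tier             = "Standard"
  account_replication_type = "LRS"
}

# Weak setting: every network, including the public internet, can reach the
# storage endpoints; only authentication stands between a client and the data.
#
# resource "azurerm_storage_account_network_rules" "example" {
#   storage_account_id = azurerm_storage_account.example.id
#   default_action     = "Allow"
# }

# Corrected setting: traffic is denied unless it matches an explicit exception.
resource "azurerm_storage_account_network_rules" "example" {
  storage_account_id = azurerm_storage_account.example.id
  default_action     = "Deny"

  # Exceptions, each added deliberately:
  ip_rules                   = ["203.0.113.0/24"] # documentation range (TEST-NET-3)
  virtual_network_subnet_ids = var.allowed_subnet_ids
  bypass                     = ["AzureServices"] # trusted Azure services only
}
```

With `default_action = "Deny"`, a client that is not covered by `ip_rules`, `virtual_network_subnet_ids`, or `bypass` is refused at the network layer, so confirm that the host running Terraform is itself covered before applying.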
References:
https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security?tabs=azure-portal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/storage_account_network_rules#default_action