Your company is planning to provision blob storage using an Azure Storage account. The goal is to make this blob storage accessible from 20 application servers that are located on the internet. To meet the security requirements of this storage account, you need to recommend a solution that ensures that only the designated application servers have access.

The first step to secure your storage account is to configure a rule that denies access to all traffic, including internet traffic, on the public endpoint by default. After setting up this default denial, you need to configure specific rules to allow traffic from designated VNets. Additionally, you can set rules to permit traffic from particular public internet IP address ranges, which would enable connections from specific internet-based or on-premises clients. This layered security setup will help you establish a secure network boundary for your applications. What should you recommend?