Following the instructions on the Azure Blog, I'm trying to remove public access to our Storage Account and instead have our App Service app only access it via a Service Endpoint.
The App Service and Service Plan are added to the same VNet, and I've configured the VNet on the Service Endpoint.
But the moment I switch on "Allow access from selected networks" in the storage account (and select the VNet and subnet) the web app begins to fail with 403 Forbidden when accessing storage.
Is this supposed to work, or what could I be missing?