When the system-assigned managed id is the key identification, the main identity subject need to be empty. The storage account's public network access is disabled, relying solely on A personal endpoint. Nevertheless, the private endpoint was possibly configured incorrectly or related to the incorrect DNS zone, resulting in connectivity issues. https://microsoftazureqatar85184.ivasdesign.com/52674383/the-smart-trick-of-managed-azure-ksa-that-nobody-is-discussing