You may test if SMB (tcp/445) is open to external servers if you open powershell and enter this command
Test-NetConnection mystorageaccount.file.core.windows.net -Port 445
The result should be
PS C:\Users> Test-NetConnection mystorageaccount.file.core.windows.net -Port 445
WARNUNG: TCP connect to (52.239.141.200 : 445) failed
WARNUNG: Ping to 52.239.141.200 failed with status: TimedOut
ComputerName : mystorageaccount.file.core.windows.net
RemoteAddress : 52.239.141.200
RemotePort : 445
InterfaceAlias : WLAN 2
SourceAddress : 192.168.3.12
PingSucceeded : False
PingReplyDetails (RTT) : 0 ms
TcpTestSucceeded : False
The result should not be
PS C:\Users> Test-NetConnection mystorageaccount.file.core.windows.net -Port 445
ComputerName : mystorageaccount.file.core.windows.net
RemoteAddress : 52.239.141.200
RemotePort : 445
InterfaceAlias : WLAN 2
SourceAddress : 192.168.3.12
TcpTestSucceeded : True
If you should need to access external resources through SMB configure a dedicated Firewall policy to this one trusted destination.
Best Practice: Block all unnecessary ports.
