Hello @Cat Mucius , you cannot set an exception for a specific Azure Storage account (ASA) trough Conditional Access. The [Storage Account] <your-storage-account-name>.file.core.windows.net
application is a special application that exposes an API. You can duplicate this model creating an Azure AD app registration, a custom API that calls the blob service using client credentials (this is authenticating as the aforementioned application). By default and unless you've set workload identities, CA policies won't get fired since you're authenticating as a an application.
Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.