Yes - you can configure service endpoint (to route the traffic from the VM to the Azure Storage account via backbone) and Azure Storage firewall (to allow incoming traffic via public endpoint from the public IP address you designate) at the same time (that's the Enabled from selected virtual networks and IP addresses option on the Networking page of the storage account)
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin