@damiank Welcome to Microsoft Q&A Forum, Thank you for posting your query here!
Adding more information to the above response! You can use Shared access signature (SAS) can be used to restrict access to either an entire blob container or an individual blob. This is because a folder in blob storage is virtual and not a real folder. You may refer to the suggestion mentioned in this article
Additional information: Authorizing access to Azure Storage
If you use ADLS Gen2 you can set an ACL on a folder.. For existing storage account blob container/ folder : Access control lists (ACLs) in Azure Data Lake Storage Gen2
Azure Data Lake Storage Gen2 implements an access control model that supports both Azure role-based access control (Azure RBAC) and POSIX-like access control lists (ACLs). This article summarizes the basics of the access control model for Data Lake Storage Gen2.
ACLs are applied on the file and folder level. The key thing to remember is that you are always going to need RBAC Control Plane permissions in combination with ACLs. Best practice is to assign your security principals RBAC Reader role on the Storage Account/Container level and continue with more restrictive ACLs on the file and folder level.
There are two types of ACLs:
Access ACLs: They control access to an object. An object can be a file or a folder.
Default ACLs: These are ACLs assigned on the folder level only which get inherited as Access ACLs by the child file or folder.
You can also configure directory and file level permissions over SMB in Azure File Share (After you assign share-level permissions with Azure RBAC, you must configure proper Windows ACLs at the root, directory, or file level, to take advantage of granular access control.)
Please let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.