Hello HASSAN BIN NASIR DAR
Answering your questions
- No, the virtual machine (VM) that is part of the subnet does not need a public IP to configure a service endpoint between the subnet and a Storage service. Service endpoints use private IP addresses in the virtual network (VNet) to reach the endpoint of an Azure service:
  https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-service-endpoints-overview
- To verify whether the connection is established over the internet or the Microsoft backbone network, you can check the effective routes on the network interface of the VM.
Also consider that traffic to a Storage Account in the same region as a VM always traverses over the Microsoft Backbone Network.
- It does not matter whether you have enabled the service endpoint or not.
- The service endpoint simply "allows" the traffic at the Storage Account.
- If you were not to enable the service endpoint, you will see a 4xx Error when you access the Storage account.
- If the service endpoint is enabled, you will see a 200 HTTP Success.
- In both cases, traffic will always be on the Microsoft Backbone Network and will use the private IP of the VM as source.