Hello Greg,
Greetings! Welcome to Microsoft Q&A Platform.
It sounds like Azure Files might meet your use-case. Azure Files offers fully managed file shares in the cloud that are accessible via the industry standard Server Message Block (SMB) protocol or Network File System (NFS) protocol. Azure file shares can be mounted concurrently by cloud or on-premises deployments. Azure Files SMB file shares are accessible from Windows, Linux, and macOS clients. Azure Files NFS file shares are accessible from Linux or macOS clients.
Azure Files supports identity-based authentication over Server Message Block (SMB) through on-premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS).
Refer to this planning doc for more detailed guidance: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-planning, https://azure.microsoft.com/en-in/products/storage/files/
While Azure Files provides good performance, consider the latency introduced by accessing files over the internet. Sync frequency: Updates between on-premises and cloud are near real-time, but the exact frequency depends on your sync settings.
For Laptops (Out of Office): Map drives directly to Azure Files from laptops. Users can access files even when not in the office. Changes made on laptops will sync to Azure Files based on your sync schedule.
Power Users (In the Office): Map drives to the Azure Files Sync server instance in the office and changes made in the office will sync to Azure Files and vice versa.
Azure File Sync uses a sync interval (default is 24 hours) to replicate changes between on-premises and cloud and you can adjust the sync interval based on your needs. For more frequent updates, consider reducing the interval. Note that changes are detected and synced incrementally, so only modified files are transferred.
If you make a change to the cloud endpoint (Azure file share) directly, changes first need to be discovered by an Azure File Sync change detection job. A change detection job is initiated for a cloud endpoint only once every 24 hours. For more information, see Azure Files frequently asked questions.
Changes made to the Azure file share by using the Azure portal or SMB are not immediately detected and replicated like changes to the server endpoint. Azure Files does not yet have change notifications or journaling, so there's no way to automatically initiate a sync session when files are changed. On Windows Server, Azure File Sync uses Windows USN journaling to automatically initiate a sync session when files change.
To detect changes to the Azure file share, Azure File Sync has a scheduled job called a change detection job. A change detection job enumerates every file in the file share, and then compares it to the sync version for that file. When the change detection job determines that files have changed, Azure File Sync initiates a sync session. The change detection job is initiated every 24 hours. Because the change detection job works by enumerating every file in the Azure file share, change detection takes longer in larger namespaces than in smaller namespaces. For large namespaces, it might take longer than once every 24 hours to determine which files have changed.
To immediately sync files that are changed in the Azure file share, the Invoke-AzStorageSyncChangeDetection PowerShell cmdlet can be used to manually initiate the detection of changes in the Azure file share. This cmdlet is intended for scenarios where some type of automated process is making changes in the Azure file share or the changes are done by an administrator (like moving files and directories into the share). For end user changes, the recommendation is to install the Azure File Sync agent in an IaaS VM and have end users access the file share through the IaaS VM. This way all changes will quickly sync to other agents without the need to use the Invoke-AzStorageSyncChangeDetection cmdlet. To learn more, see the Invoke-AzStorageSyncChangeDetection documentation.
We are exploring adding change detection for an Azure file share similar to USN for volumes on Windows Server. Help us prioritize this feature for future development by voting for it at Azure Community Feedback.
Assign share-level permissions: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-assign-permissions?tabs=azure-portal
Configure directory and file-level permissions over SMB: https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-ad-ds-configure-permissions
Similar thread for reference - https://learn.microsoft.com/en-us/answers/questions/435164/azure-file-sync-question
Hope this answer helps! Please let us know if you have any further queries. I’m happy to assist you further.
Please "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.
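
The manual change detection described in the answer above, as an added example that is not part of the original answer or of Microsoft's documentation. It assumes the Az.StorageSync module is installed and the session is already signed in with `Connect-AzAccount`; every resource name is a placeholder, and the `CloudEndpointName` property on the returned endpoint object is an assumption about the module's output type.

```powershell
# Added example: trigger Azure File Sync change detection for one directory
# after an automated process or an administrator wrote to the Azure file share.
# All default values below are placeholders (assumptions), not real resources.
param(
    [string]$ResourceGroupName      = '<resource-group>',
    [string]$StorageSyncServiceName = '<storage-sync-service>',
    [string]$SyncGroupName          = '<sync-group>',
    # Directory that changed, relative to the root of the Azure file share.
    [string]$DirectoryPath          = '<changed-directory>'
)

$ErrorActionPreference = 'Stop'
Import-Module Az.StorageSync

# Look up the cloud endpoint (the Azure file share) of the sync group.
$cloudEndpoints = @(Get-AzStorageSyncCloudEndpoint `
    -ResourceGroupName $ResourceGroupName `
    -StorageSyncServiceName $StorageSyncServiceName `
    -SyncGroupName $SyncGroupName)

if ($cloudEndpoints.Count -eq 0) {
    throw "Sync group '$SyncGroupName' has no cloud endpoint."
}

# Scope detection to the directory that changed instead of waiting for the
# scheduled job, which enumerates every file in the share.
Invoke-AzStorageSyncChangeDetection `
    -ResourceGroupName $ResourceGroupName `
    -StorageSyncServiceName $StorageSyncServiceName `
    -SyncGroupName $SyncGroupName `
    -CloudEndpointName $cloudEndpoints[0].CloudEndpointName `
    -DirectoryPath $DirectoryPath `
    -Recursive

Write-Output "Change detection requested for '$DirectoryPath' in sync group '$SyncGroupName'."
```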