Hi, Scott.
You should be able to:
- Stand up Azure Active Directory Domain Services
- Set up an Azure Point-to-Site VPN
- Stand up an Azure storage account, for Azure Files
- Set up storage account with private endpoints for file share (this puts it on the same network as your VPN)
- Create a file share and set up permissions (storage account key first, then for Windows ACLs).
Have a read of this MS document, it's very close to what you're after: