@Troops Welcome to Microsoft Q&A Forum, Thank you for posting your query here
Based on your requirements, I would recommend using Azure Blob Storage and Azure Files Storage with Azure AD authentication and Azure Blob Storage lifecycle management.
Azure Blob Storage is a scalable and cost-effective solution for storing unstructured data such as files, images, and videos. You can store up to 5 PB of data in a single storage account, and you can access the data directly from anywhere in the world using HTTP or HTTPS.
Azure AD authentication allows you to control access to your data by requiring users to authenticate with their Azure AD credentials before they can access the data. You can also configure role-based access control (RBAC) to grant different levels of access to different users.
Azure Blob Storage lifecycle management allows you to automatically move data between different storage tiers based on its age and access patterns. For example, you can configure lifecycle management to move data to the archive tier after it has been in the cool tier for a certain amount of time. This can help you reduce costs by storing data in the most cost-effective tier for its current usage pattern.
To meet your specific requirements, I would recommend the following configuration:
- Create an Azure Blob Storage account with the hot tier enabled.
- Configure Azure AD authentication for the storage account.
- Create a container in the storage account for each set of files that requires different permissions.
- Configure RBAC to grant access to the appropriate users for each container.
- Configure lifecycle management to move data to the cool tier after a certain amount of time, and to the archive tier after 15 years.
With this configuration, you can access the files directly from anywhere in the world using HTTP or HTTPS, and you can control access to the files using Azure AD authentication and RBAC. You can also reduce costs by automatically moving data to the most cost-effective tier based on its age and access patterns.
Authorize access to blobs using Microsoft Entra ID
Azure Storage migration overview
Azure Files Storage with AAD authentication: Azure file shares are suitable for general-purpose file data. This data includes anything you use an on-premises SMB share for. With Azure File Sync, you can cache the contents of several Azure file shares on servers running Windows Server on-premises.
Overview of Azure Files identity-based authentication options for SMB access
Access Azure file shares using Microsoft Entra ID with Azure Files OAuth over REST
There are various migration tools that you can use to perform the migration. Some are open source like AzCopy, robocopy, xcopy, and rsync while others are commercial. List of available commercial tools and comparison between them is available on our comparison matrix.
Open-source tools are well suited for small-scale migrations. For migration from Windows file servers to Azure Files, Microsoft recommends starting with Azure Files native capability and using Azure File Sync. For more complex migrations consisting of different sources, large capacity, or special requirements like throttling or detailed reporting with audit capabilities, commercial tools are the best choice. These tools make the migration easier and reduce the risk significantly. Most commercial tools can also perform the discovery, which provides a valuable input for the assessment.
Please let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to "Accept the answer” and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.