@Shiva Sadayan Since using a SAS token was declined and security is a top priority for your customer, your approach looks right to me.
You can use Azure Blob Storage with Azure AD Authentication/Entra ID. Configure the React app to chunk the file and upload the chunks to the storage account using Azure AD authentication/Entra ID. This way, you can ensure that the upload is secure and authenticated without using SAS tokens.
If the file size is a concern, consider using Azure Data Factory to upload the file. ADF can handle large file uploads efficiently and can be integrated with your React app and Azure Storage.
Implement resumable uploads in your React app to handle interruptions or failures during the upload process. This can be done by breaking the file into smaller chunks and uploading them individually, then reassembling them on the server side.
Ensure that your Azure Blob Storage account is secured with the appropriate access controls. Use Azure Key Vault to manage and retrieve any necessary secrets or keys securely.
Once the file is successfully uploaded to the public-facing storage account, you can move it to a private storage account using Azure Data Factory or Azure Functions for additional security.
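
The chunked, resumable upload described in the answer above, as an added example that is not part of the original answer. It assumes `client` is a `BlockBlobClient` from `@azure/storage-blob` built with an Entra ID token credential. `BLOCK_SIZE` and the helper names `blockId`, `planBlocks`, `stagedBlocks` and `uploadResumable` are hypothetical, and the service assembles the staged blocks when the block list is committed.

```javascript
// Added example: resumable block upload to a blob authenticated with Entra ID.
// In the React app the client would be built from the SDK, for example:
//   import { InteractiveBrowserCredential } from "@azure/identity";
//   import { BlockBlobClient } from "@azure/storage-blob";
//   const client = new BlockBlobClient(blobUrl,
//     new InteractiveBrowserCredential({ clientId, tenantId }));
// blobUrl, clientId and tenantId are placeholders for your own values.

const BLOCK_SIZE = 4 * 1024 * 1024; // assumed chunk size (4 MiB)

// Block IDs must be base64 and the same length for every block of a blob.
const blockId = (i) => btoa(String(i).padStart(6, "0"));

// Pure planning step: which byte ranges still have to be staged?
function planBlocks(fileSize, blockSize, alreadyStaged) {
  const all = [], missing = [];
  for (let i = 0, start = 0; start < fileSize; i++, start += blockSize) {
    const block = { id: blockId(i), start, end: Math.min(start + blockSize, fileSize) };
    all.push(block.id);
    // Re-send a block that is absent or was staged with a different size.
    if (alreadyStaged.get(block.id) !== block.end - block.start) missing.push(block);
  }
  return { all, missing };
}

// Ask the service which blocks survived an earlier, interrupted attempt.
async function stagedBlocks(client) {
  try {
    const list = await client.getBlockList("uncommitted");
    return new Map((list.uncommittedBlocks || []).map((b) => [b.name, b.size]));
  } catch (err) {
    if (err.statusCode === 404) return new Map(); // nothing staged yet
    throw err;
  }
}

async function uploadResumable(client, file, blockSize = BLOCK_SIZE) {
  const { all, missing } = planBlocks(file.size, blockSize, await stagedBlocks(client));
  for (const b of missing) {
    const chunk = file.slice(b.start, b.end);
    await client.stageBlock(b.id, chunk, chunk.size);
  }
  await client.commitBlockList(all); // the blob content only appears after this call
  return { total: all.length, uploaded: missing.length };
}
```

The signed-in user needs a data-plane RBAC role on the container, such as Storage Blob Data Contributor, and the storage account's CORS rules must allow the app's origin.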