I am trying to achieve something similar, although we are a small business so we don't even use on-prem AD. My understanding is that without on-prem AD everything is much harder. If you have on-prem AD then I would assume you can just use AD Connect to sync your AD with AAD and then just use the "Active Directory" authentication option on the file shares.
The Fileshares have 3 different auth options (aside from access keys and shared access signatures):
"Active Directory" - For when you have clients with line-of-sight to a domain controller (I think you need Azure AD Connect to achieve hybrid identities)
"Azure Active Directory Domain Services" - AFAIK this has only limited applications. I've read somewhere this is only for "lift and shift" of services to the cloud (which is what you are trying to do) but annoyingly they seem to only allow VMs to take advantage of this option. I have tried to make this work without VMs but rather using an AAD-joined laptop connected to the VNET using a P2S VPN, but no luck so far. I'd appreciate some insight if anybody has any.
"Azure Active Directory Kerberos" - This solution is for when you don't have line-of-sight to a domain controller but you do have on-prem AD with hybrid identities achieved using Azure AD.
Hope this helps a little.