Azure Unblogged - Windows Containers for IT Pros

You can already extend your on-premises file servers into Azure using Azure File Sync, but now you can completely decommission those old on-premises file servers and replace them with serverless Azure file shares. This video gives you a quick look at how to domain join your storage account to your on-premises domain, and configure Azure networking to access your Azure file share from on-premises.
The main reasons many have for having an on-premises file server is speed and efficiency and security.
If for no other reason than caching needed files locally, having all your files in the cloud can't begin to compare to an on premises file server. With max read/write speeds over CIFS, up to 600+MB/s read, and over 300+MB/s write (using CIFS2.1) over a 10gb ether link.
I can't begin to think about the costs that much storage w/speeds at least 10x slower.
The other consideration that US law will need to change to make cloud storage a contender -- is the privacy of your data. As it stands now, as soon as someone shares their data with a 3rd party, it's no longer considered private data that needs a warrant. It doesn't even require notification for the police to examine such data with cloud providers instructed to say nothing under penalty of perjury. I can't see that one changing anytime soon.
This is great. Im interested to know how ACLs are applied to the Azure File share, similar to ACLs on premise applied to a file share.
If the File Share was created directly in Azure, how are ACLs implemented in the first place? If you have file shares on prem and want to migrate them to Azure File share but keep the ACLs in place - how does this work?