Hello @MRQ7451 ,
The best option would be to abandon the on-prem infrastructure, for performance, security, and to avoid potential issues. Since the users will be on M365, they can already work with all their information online (OneDrive), even the files in their User folders (https://support.microsoft.com/en-us/office/back-up-your-documents-pictures-and-desktop-folders-with-onedrive-d61a7930-a6fb-4b95-b28a-6552e77c3057).
For roaming profiles (settings, applications, etc.), the cloud option would be Enterprise roaming profiles:
https://learn.microsoft.com/en-us/azure/active-directory/devices/enterprise-state-roaming-enable
For the logon, I would recommend a hybrid solution; you can read further here: https://learn.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-managed-domains
All in all, if you are planning "the modern way" you are looking into:
- Logon servers in the cloud (Azure AD), which would reduce downtime and logon times
- Cloud Enterprise Roaming profiles (reduced logon times and deployment complexity)
- Cloud file storage for anywhere access
Regarding compliance and security of data (which can be a concern, for example with health information PII), this should not be an issue, as Microsoft has one of the highest levels of security and certification for handling private data, with the guarantees and responsibility needed. For example, for the EU's GDPR: https://learn.microsoft.com/en-au/legal/gdpr
Hope this helps with your question,