We currently have an on-prem domain controller on a VM (VMware) running Windows Server 2012 R2. We have a second 2012 R2 VM that replicates from the first and acts as a failover. We use it for AD DS, RADIUS (for VPN connection authentication), DNS, DHCP, and GPO. We then have Azure AD Connect running on another server, syncing to the free Azure AD we use for O365. We have a handful of other systems (Cisco phone system, support ticketing, billing system, etc.) that have LDAP connections to our on-prem AD.
We are in the process of moving more and more of our systems to the cloud, and this seems like the right time to move more fully to Azure (though feedback on that thought is welcome as well). With more and more users telecommuting, we thought it would be wise to reduce the potential for downtime (our circuit is a single point of failure, whereas Azure AD is far less likely to be unreachable), increase security (for example by taking advantage of MFA and SSO), and gain built-in self-service functionality.
I'm looking for advice on a few things. First, is it better to keep a domain controller on-prem or to move entirely to Azure? Second, should I be creating a VM in Azure and moving AD there, or is it sufficient to just use Azure AD Premium? Third, can anyone point me to a decent step-by-step guide or article on the process of the move, or any other resources I should read on this? Anything else I should be thinking about in all of this? Thanks!
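Before deciding what can leave the on-prem domain, it helps to know exactly what depends on it today. The following inventory script is an added example, not code from the original post or from any Microsoft guide; it assumes the RSAT ActiveDirectory module on a domain controller, the ADSync module on the Azure AD Connect server, and that LDAP interface diagnostic logging has been enabled on the DC so that event 2889 is recorded. The property indexes used to read event 2889 (client address, identity, bind type) follow the order in the event text and are an assumption to check against one event on your own DC.

```powershell
# Added inventory script (example, not the poster's code). Run section 1 and 2 on a
# domain controller and section 3 on the Azure AD Connect server.

# --- 1. Domain controllers and FSMO role holders -----------------------------
# Both 2012 R2 VMs should appear here; the role holders are what an Azure VM
# DC (or a decommission) would have to take over.
Import-Module ActiveDirectory
$domain = Get-ADDomain
$forest = Get-ADForest

Get-ADDomainController -Filter * |
    Select-Object HostName, IPv4Address, OperatingSystem, IsGlobalCatalog, IsReadOnly |
    Format-Table -AutoSize

[pscustomobject]@{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
} | Format-List

# --- 2. Which LDAP clients still bind in the clear or unsigned -----------------
# Phone systems, ticketing and billing apps often use simple binds over port 389.
# The DC logs one event 2889 per such bind once this diagnostic level is set
# (level 2 = log each occurrence; assumption: you have set this and waited a day):
#   Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Diagnostics' `
#       -Name '16 LDAP Interface Events' -Value 2
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Directory Service'; Id = 2889 } `
                       -ErrorAction SilentlyContinue

$events |
    ForEach-Object {
        [pscustomobject]@{
            Time     = $_.TimeCreated
            Client   = $_.Properties[0].Value   # assumed: "ip:port" of the LDAP client
            Identity = $_.Properties[1].Value   # assumed: account the client bound as
            BindType = $_.Properties[2].Value   # assumed: bind type code as logged by the DC
        }
    } |
    Group-Object Client |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# --- 3. Azure AD Connect sync state (run on the Connect server) -----------------
# Confirms the sync cycle is on, how often it runs, and whether this server is in
# staging mode; the connector run status shows whether a sync is in progress.
Import-Module ADSync
Get-ADSyncScheduler |
    Select-Object SyncCycleEnabled, StagingModeEnabled,
                  CurrentlyEffectiveSyncCycleInterval, NextSyncCycleStartTimeInUTC |
    Format-List
Get-ADSyncConnectorRunStatus
```

Every distinct client address in section 2 is a system that will need either a path back to a domain controller (on-prem or in an Azure VM) or an alternative such as LDAPS to a DC, Azure AD Domain Services, or a SAML/OIDC integration with Azure AD before the on-prem DCs can go away; the RADIUS and DHCP roles in the first post have the same question to answer, since Azure AD on its own provides neither.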