This should work by using the app Enforced Restrictions Session Control in Conditional Access - If you Define One Policy With that setting and Exclude the IP Address of your LAN Breakout (remember, Entra ID / Azure AD does not see your internal IP Range) the configured Restrictions Apply.
Only setting the checkmark in conditional Access is not enough, the Application that is supposed to Enforce the Restrictions also has to know what restrictions to apply.
Since you want to Restrict Files you would have to configure SharePoint how to Handle unmanaged Devices - https://learn.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices#advanced-configurations - Scoping only for Teams requires you to create your own automations to detect and apply the Restrictions through PowerShell.
I don't know by heart how Uploads are handled, but hopefully this gives you something to try.