Hello @DanPorter ,
You have mentioned that you are going to setup file , print server on-premise with a small Active Directory environment . The file and print server on-premise use Kerberos and NTLM as a authentication protocol. Conditional access depends on many components in Azure and is dependent on oAuth protocol on which Azure Identity system is based which on-premise AD does not support out of the box. As far as I know there is no way to translate conditional access policies defined in Azure to apply during file share access. Any request to map the share by any user will always use NLTM/kerberos protocol which will go to the local domain controller for authentication and there is no native way to translate this NTML/Kerb to Oauth and send to azure for authentication/authorization.
Hope the information helps. In case you have any further queries , please let us know and we will be happy to help . If the provided information is useful , please do accept the post as answer so that its helpful to others in the community.
Thank you.