How to limit groups to SFTP-only, preventing SSH logins

This is pretty straight forward, though surprisingly hard to find information about. I have tested this on CentOS 7.2 and 7.9, with OpenSSH v6.6 and v7.4.

In /etc/ssh/sshd_config, add the following at the bottom:

Match Group sftponly
    ChrootDirectory /shares/uploads
    AllowTCPForwarding no
    AllowAgentForwarding no
    X11Forwarding no
    ForceCommand internal-sftp

This forces users with the group sftponly to only be allowed to SFTP in the directory /shares/uploads. This should work with local groups or with realm-joined (Active Directory as well) groups.
Now restart sshd with systemctl restart sshd.

That's it! There's no special downloads or third party tools needed.