AuthLite Interactive Documentation
Quick Start: Install and protect Domain Admins AuthLite Features Supported Tokens Installation and Upgrading Configuration Token Management How to Log In Troubleshooting

To require 2-factor for AuthLite users to all shares on the domain, deploy a group policy Denying network access to the AuthLite 1-Factor Session Tag group.

Install AuthLite on the machine from which you intend to access the shares.

In general if your file servers use Kerberos, then they should pick up the 2-factor logon from your workstation's Kerberos ticket. Windows Explorer does not re-prompt for credentials when it receives an "Access Denied" error (except for admin($) group shares).  AuthLite does not provide a way to give new 2-factor credentials to Explorer at the time of share opening. So your user must supply 2FA at logon time and rely on the kerberos single sign-on.