2FA for File Shares
To require 2-factor for AuthLite users to all shares on the domain, deploy a group policy Denying network access to the AuthLite 1-Factor Session Tag group.
Install AuthLite on the machine from which you intend to access the shares.
In general if your file servers use Kerberos, then they should pick up the 2-factor logon from your workstation's Kerberos ticket. Windows Explorer does not re-prompt for credentials when it receives an "Access Denied" error (except for admin($) group shares). AuthLite does not provide a way to give new 2-factor credentials to Explorer at the time of share opening. So your user must supply 2FA at logon time and rely on the kerberos single sign-on.