DLP Endpoint Agent user credentials prompt frequency in MIP (Microsoft Information Protection) integration

Article ID: 397515

Products

Data Loss Prevention Endpoint Prevent

Issue/Introduction

In the MIP (Microsoft Information Protection) integration with the DLP Endpoint Agent, the end user is required to enter their credentials so that both systems can operate together properly. A successful logon allows the DLP Agent to inspect and classify the sensitive information protected by the MIP solution.

The prompt is first displayed during the first MIP-related operation that involves the DLP Agent, such as saving a classified file.

You'd like to understand how often the user can expect such prompts.

Resolution

After a successful logon, the user should not be asked to enter their credentials within the next 90 days. The credentials themselves are not stored on the agent. Instead, when the user logs in, Azure grants a token that is valid for 90 days. The token is then securely stored on the Agent.

When the token expires, the user will be prompted to enter their credentials again. This means that the user should not be prompted more than once every 90 days under normal operation.