Netskope - Azure AD - IDP Integration - Enroll & Reauth Private APPs
Hello community, hope all is well.
I have a doubt with a certain point:
IDP mode was configured against Azure-AD in an environment where users have Office 365.
1.- The agent installation is done in IDP mode and the IDP mode operates correctly; it enrolls the user to the user-based agent.
Now the situation is as follows. As is very, very common and typical in Office 365/Azure-AD environments, users already have their Office 365 account logged in, either in their Outlook client, in Teams, in OneDrive, or on the web itself. So what happens when the installation process is performed in IDP mode and the enrollment occurs? This process was practically automatic, since the user was already logged in to Office 365/Azure-AD as discussed above.
I understand this is an issue of Office 365/Azure-AD and not of Netskope itself. What was done to request the credentials was to unblock the user from all access where he was logged in, and then the popup appears. What can be done in this case?
2.- Feature Netskope NPA Reauth periodically:
Thinking about this feature, which allows establishing zero-trust principles by forcing reauth for private access, setting a period so that, for example, every 6 hours the authentication is requested again, and considering that the IDP mode is a requirement that is already covered: in this case something similar to the previous point would happen, wouldn't it? That is to say, the Reauth option will request a new authentication, but if the user is already authenticated in all of his Office 365 suite, this will be practically transparent, no?
Thank you very much for your time, for your good vibes, collaboration and advice.
Best regards