Information
This policy setting prompts users for a password after the device has been inactive for a specified period of time.
Rationale:
Requiring devices to lock after 15 minutes minimizes the window of opportunity for an attacker to tamper with a lost or stolen device.
This is the default behavior.
Impact:
Users must re-enter their passwords each time their devices remain idle for 15 minutes or longer.
Note: This is a mobile device management setting. Use caution when applying these settings as they could have adverse effects depending on the environment, and internal policies around bring your own device (BYOD). These policies could affect a user's BYOD.
Solution
To implement the recommended state, execute the following PowerShell cmdlet:
Set-MobileDeviceMailboxPolicy 'Profile' -MaxInactivityTimeLock 00:15:00
OR
Perform the following actions:
Launch the EAC (Exchange Administrative Center).
Go to 'Mobile' on the left and click on the 'Mobile device mailbox policies' tab.
Double-click the policy you wish to modify and go to the 'Security' settings.
Ensure the Require sign-in after the device has been inactive for (minutes) box is checked and change the value to 15 and click Save.
Default Value:
15