Set ‘Time without user input before password must be re-entered’ to ‘15’

Details

You can configure this setting to prompt the user for a password after the user’s device has been inactive for a specified period of time. For example, if you configure the time period for this setting to 15 minutes, the user must enter the device password every time it has been idle for 15 minutes. If the device has been idle less than 15 minutes, the user is not required to re-enter the password.

Rationale:

Mobile devices are often left unattended or lost in public places. Requiring devices to lock after 15 minutes minimizes the window of opportunity for an attacker to tamper with a lost or stolen device.

Solution

To implement the recommended state, execute the following PowerShell cmdlet:

Set-MobileDeviceMailboxPolicy -Identity Default -MaxInactivityTimeLock 00:15:00
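The cmdlet above changes only the policy named Default, so any other mobile device mailbox policy assigned to users keeps whatever lock time it already has. The following audit function is an added example, not part of the CIS benchmark text: `Test-InactivityLock`, the sample policy names and the rule that 15 minutes or less counts as compliant are assumptions made for this illustration.

```powershell
# Added audit example; not part of the CIS benchmark text.
# Assumption: a lock time of 15 minutes or less counts as compliant.
function Test-InactivityLock {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Policy,
        [TimeSpan]$MaxAllowed = [TimeSpan]::FromMinutes(15)
    )
    process {
        # Stringify first: in a remote Exchange session the value arrives
        # deserialized, and a policy with no lock reads "Unlimited".
        $raw = [string]$Policy.MaxInactivityTimeLock
        $parsed = [TimeSpan]::Zero
        if ($raw -eq 'Unlimited' -or [string]::IsNullOrWhiteSpace($raw)) {
            $status = 'FAIL'; $reason = 'no inactivity lock configured'
        }
        elseif (-not [TimeSpan]::TryParse($raw, [ref]$parsed)) {
            $status = 'ERROR'; $reason = "unparseable value '$raw'"
        }
        elseif ($parsed -gt $MaxAllowed) {
            $status = 'FAIL'; $reason = "lock after $parsed exceeds $MaxAllowed"
        }
        else {
            $status = 'PASS'; $reason = "lock after $parsed"
        }
        [pscustomobject]@{
            Policy    = $Policy.Name
            IsDefault = $Policy.IsDefault
            Status    = $status
            Reason    = $reason
        }
    }
}

# Constructed sample policies so the function can be tried offline.
$sample = @(
    [pscustomobject]@{ Name = 'Default';     IsDefault = $true;  MaxInactivityTimeLock = '00:15:00' }
    [pscustomobject]@{ Name = 'Executives';  IsDefault = $false; MaxInactivityTimeLock = 'Unlimited' }
    [pscustomobject]@{ Name = 'Contractors'; IsDefault = $false; MaxInactivityTimeLock = '01:00:00' }
)
$sample | Test-InactivityLock | Format-Table -AutoSize

# In the Exchange Management Shell, audit every policy instead:
# Get-MobileDeviceMailboxPolicy | Test-InactivityLock
```

With the constructed sample, Default reports PASS and the other two report FAIL.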

Supportive Information

This security hardening control applies to the following category of controls within NIST 800-53: Access Control. This control applies to the following type of system: Windows.

Updated on July 16, 2022