Only if you make a bunch of assumptions that may not apply. My employer allows BYO and has a default Outlook Web session timeout.
Is it ok that my son stopped at my desk at home and saw customer PII that was left open?
I enforce these kinds of policies at my company even though I find them personally stupid. I do so because I’m the custodian of my customers property and have a duty to minimize risk of employees or contractors acting poorly.
>Is it ok that my son stopped at my desk at home and saw customer PII that was left open?
In practice/reality, probably. Most employers will disagree.
Consider your son could just as easily over hear a phone call, see a piece of paper, etc. If your son was actively malicious, there's all kinds of things from cameras to video splitters to key loggers he could do. If he's not actively malicious, who cares if he sees something
If you're in a line of work worried about shoulder suffering, then you should really consider whether BYO is a good idea.
Also, there are shields for screens which basically hide it from anywhere not directly in front
Very useful for people who work in trains and stuff: their neighbors can't see things
Is it ok that your son stops at your desk to see PII while the session is still active? And how does reauth even help with this case? Do you expect your session to expire every 15 minutes while you are taking a break?
The problem here isn't auth expiry but you not locking your computer when you step away from your desk.
Your policies aren't enforcing security, just security theater (and making a lot of employees very annoyed in the process).