Comment by paxys

Is it ok that your son stops at your desk to see PII while the session is still active? And how does reauth even help with this case? Do you expect your session to expire every 15 minutes while you are taking a break?

The problem here isn't auth expiry but you not locking your computer when you step away from your desk.

Your policies aren't enforcing security, just security theater (and making a lot of employees very annoyed in the process).