Microsoft
MicrosoftHi k h,
The 15 minute timeout is specific to the lifetime of the Verification Code, not the login session. Once you log in, if you check 'Keep Me Signed In', your authentication token will be written to disk and kept between sessions. You will not be prompted to verify again until the cookie is deleted, or is not renewed for more than 5 days. Administrators can limit the amount of time that those who choose 'Keep Me Signed In' can go before having to verify again through the use of a Verification Code. To configure this, navigate to your SharePoint Admin portal (https://[TENANTPREFIX]-admin.sharepoint.com) and select Sharing. Under 'Additional Settings' you will see an check box for "Require Recipients to continually prove account ownership when they access shared items." The default once selected is thirty days.
If a user chooses to not select the 'Keep Me Signed In' option, their access will last until the end of the browser session, whereupon they will be required to verify their identity again to get access to the file.
I hope this helps!