I've learned that having an Exchange account (apparently only Exchange 2007, not 2003) results in a diminished set of choices regarding the time interval before the passcode lock sets, and that is consistent with my experience: the four-hour option was available when I had only an Exchange 2003 account installed on the device, and this shortened to 15 minutes after installing an Exchange 2007 account. In my case, it is not a matter of an employer making the requirement: I am the employer, and I am using, in this case, Microsoft Business Online Productivity Services--i.e., hosted Exchange vs. in-house. I have not yet found a setting to override this ridiculously short interval on the Exchange server, but at least I know where to look, and it would not seem to be anywhere on my devices. The fact that I can choose not to use a passcode lock altogether demonstrates that this is not a security requirement imposed by the Exchange server, just a more limited range of options. The option not to use the passcode lock would not be available if it were a true security issue for Exchange, one presumes. I don't recall, by the way, such behavior in Windows smartphones I've had in the past.
Is anyone else finding the 15-minute passcode lock on the iPad and iPhone as annoying and dangerous as I am? I have disabled the lock altogether as a result. It is terribly annoying to have only 15 minutes to set my iPad aside before having to unlock it, and it renders the iPhone downright dangerous in the car--and I'm talking about turning iTunes on or off, or simply checking a map. I never talk or text while driving.
I thought four hours was a reasonable (for me) compromise between security and usability, but someone (Apple? Microsoft?) has decided we all need more protection than that and has reduced the intervals to a mere 15-minute maximum. Now I have no other security than wiping my device remotely if it falls out of my possession. The setting screen tells us that "shorter times are more secure," as if it were scolding us. I would have even greater security if I had never bought the devices, but that is beside the point.
I don't understand why users should not be able to decide for themselves the degree of passcode security they desire and need on their devices.