Mechanisms exist to force users and devices to re-authenticate according to organization-defined circumstances that necessitate re-authentication.
Does the organization force users and devices to re-authenticate according to organization-defined circumstances that necessitate re-authentication?