I think I've found a device configuration profiles bug.
Here's how to reproduce it:
Create a new device configuration profile for Windows 10, profile type = Settings catalog,
In the Settings picker, search for "inactivity", and then select "Local Policies Security Options"
Add, and then enable, the setting for "Interactive Logon Machine Inactivity Limit"
Add this new configuration profile to some devices.
After one of my Windows 10 devices (a VM guest I use to test with) picked up this setting, it started locking the screen after just 1 second of inactivity. I had to continually wiggle the mouse to keep it from locking the screen while I debugged the problem.
I found the problematic setting:
Run gpedit.msc
go to Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options
Observe that "Interactive logon: Machine inactivity limit" is set to 1 second
I went back to Endpoint Manager and disabled "Interactive Logon Machine Inactivity Limit". After the device picked up the new setting, the problem went away, and in gpedit.msc I could see that "Interactive logon: Machine inactivity limit" was now set to 0 seconds.
Seems like Endpoint Manager thinks the setting is a boolean, but gpedit.msc thinks the setting is an integer with units of seconds. I wonder if Endpoint Manager set the boolean value to 1, meaning Enabled, but the policy on the client computer interpreted it as 1 seconds.
This documentation thinks the setting is a boolean:
https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-LocalPoliciesSecurityOptions#localpoliciessecurityoptions-interactivelogon-machineinactivitylimit
But this documentation thinks the setting is integer seconds:
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/interactive-logon-machine-inactivity-limit
Curiously, a Dell laptop of mine also picked up this setting, but it did not start locking the screen after 1 second, even though in gpedit.msc I could see the setting was "1 second". Dunno why the problem wasn't happening on the Dell laptop. Maybe some other setting needs to be set a certain way to reproduce the bug. My Dell laptop is not configured exactly the same as the VM guest.