Microsoft ISA Forms-based authentication (FBA) provides users with two login options, "Public or shared computer" and "Private computer", as shown below:
Administrators can configure longer session inactivity timeouts for Private connections (e.g. laptop or home) and shorter ones for Public connections (e.g. airport kiosk, customer site). This ensures that if the OWA session is left open by accident, it will safely be logged off after a configured period of time, minimizing the risk that an unauthorized user will gain access to an active session.
The risk with this scenario is that companies have to rely on user education to ensure users choose the correct login option rather than the one that is more convenient for them. There is are security products available from a third-party, Messageware (www.messageware.com) that allow for configuration of security policies by the Exchange Adminstrator by user, gorup, IP address or corporate device.