but then I can just bypass it by forcing my computer off then powering it back on. Then what’s the point of having it?
You already have your answer, so I’ll just add that not every implementation is the same. Our VDI deployment provides virtual desktops to remote users. Their own physical power buttons would only reset their thin client, not the remote workstation that has access to our secure network. If they want to reset that 10 minute timer early, they have to call IT and we can reset the virtual machine from our end after confirming that they’re a valid user. But yes, some software security is trivial to bypass if you have no physical security.