If I use Hey Cortana when the screen is locked it completely bypasses the PIN and iris scanner and leaves the phone unlocked after Cortana answers my query. Security flaw? I do have Cortana set for my voice only.
So I have Hey Cortana turned on, but not voice trained so that it responds to anyone. I made sure my phone timed out to the pin lock, then tried a query. It showed the search page results, but any touch to the screen jumps back to the lock screen requiring a pin/iris. So for me at least it still seems secure. However, by virtue of me choosing to have that always on, it does allow anyone to say "call X" and various other actions. It still doesn't unlock the phone, though it will place the call. If you train your voice you should be fine.
Pfft. I can do one better. I just noticed that swiping up right after unlocking will bypass iris scanning and the pin. Not sure if other 950 owners can verify or if mine is just acting up.
The iris scanner does two things really, it unlocks the phone but also just flips up the lock screen if the phone is already unlocked. If you want the iris scanner to be used to unlock it every time, then you would set the "require sign-in" to every time just like you would a pin.