Power Management
This section describes the design decisions associated with power management on Windows 10 and 11 endpoints configured according to guidance in ASD's Blueprint for Secure Cloud.
Estimated reading time: 3 minutes
The power settings in Windows can be fully managed by Intune, Microsoft Endpoint Configuration Manager (MECM), or Group Policy. Individual settings can be enforced or set as defaults that can then be changed by the user as desired.
Users can adjust power and performance options via the system tray power slider icon to:
- Better Battery / Recommended - Better Battery / Recommended provides extended battery life than the default settings on previous versions of Windows.
- Better Performance - Better Performance is the default slider mode that slightly favours performance over battery life and is appropriate for users who want to trade-off power for better performance of applications.
- Best Performance - Best Performance prioritizes performance over battery life.
Design Decisions
| Decision Point | Design Decision | Justification |
|---|---|---|
| Power Management technology | Intune, MECM or Group Policy | Organisation preference of technology to configure power options. If using MECM or GPO, consideration should be made to migrate these to Intune in future. |
| Default Power Option Battery | Balanced | Default setting, no requirement to change has been identified. |
| Default Power Option Powered | Better Performance | Default setting, no requirement to change has been identified. |
| Allow standby states when sleeping (on battery) | Disabled | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
| Allow standby states when sleeping (plugged in) | Disabled | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
| Require a password when a computer wake (on battery) | Enabled | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
| Require a password when a computer wakes (plugged in) | Enabled | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
| Specify system hibernate timeout (on battery) | Enabled System Hibernate Timeout (seconds): 0 | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
| Specify system hibernate timeout (plugged in) | Enabled System Hibernate Timeout (seconds): 0 | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
| Specify system sleep timeout (on battery) | Enabled System Sleep Timeout (seconds): 0 | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
| Specify system sleep timeout (plugged in) | Enabled System Sleep Timeout (seconds): 0 | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
| Specify the unattended sleep timeout (on battery) | Enabled Unattended Sleep Timeout (seconds): 0 | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
| Specify the unattended sleep timeout (plugged in) | Enabled Unattended Sleep Timeout (seconds): 0 | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
| Turned off hybrid sleep (on battery) | Enabled | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
| Turned off hybrid sleep (plugged in) | Enabled | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
| Show hibernate in the power options menu | Disabled | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
| Show sleep in the power options menu | Disabled | To align with ASD’s Hardening Microsoft Windows 10 version 21H1 Workstations guidance. |
Related information
Security & Governance
- None identified
Design
- None identified
Configuration
References
- None identified