windows-itpro-docs/windows/security/operating-system-security/data-protection/personal-data-encryption/intune-disable-hibernation.md

title, description, ms.topic, ms.date

title	description	ms.topic	ms.date
Disable hibernation for PDE in Intune	Disable hibernation for PDE in Intune	how-to	03/13/2023

Disable hibernation for PDE

Hibernation files can potentially cause the keys used by Personal Data Encryption (PDE) to protect content to be exposed. For greatest security, disable hibernation.

Disable hibernation in Intune

To disable hibernation using Intune, follow the below steps:

1. Sign in to the Microsoft Intune admin center
2. In the Home screen, select Devices in the left pane
3. In the Devices | Overview screen, under Policy, select Configuration Profiles
4. In the Devices | Configuration profiles screen, make sure Profiles is selected at the top, and then select Create profile
5. In the Create profile window that opens:
   1. Under Platform, select Windows 10 and later
   2. Under Profile type, select Settings catalog
   3. Select Create to close the Create profile window
6. The Create profile screen will open. In the Basics page:
   1. Next to Name, enter Disable Hibernation
   2. Next to Description, enter a description
   3. Select Next
7. In the Configuration settings page:
   1. select Add settings
   2. In the Settings picker window that opens:
      1. Under Browse by category, scroll down and select Power
      2. When the settings for the Power category appear under Setting name in the lower pane, select Allow Hibernate, and then select the X in the top right corner of the Settings picker window to close the window
   3. Change Allow Hibernate from Allow to Block by selecting the slider next to the option
   4. Select Next
8. In the Scope tags page, configure if necessary and then select Next
9. In the Assignments page:
   1. Under Included groups, select Add groups

      Note

      Make sure to add the correct groups under Included groups and not under Excluded groups. Accidentally adding the desired device groups under Excluded groups will result in those devices being excluded and they won't receive the configuration profile.

   2. In the Select groups to include window that opens, select the groups that the configuration profile should be assigned to, and then select Select to close the Select groups to include window
   3. Under Included groups > Groups, ensure the correct group(s) are selected, and then select Next
10. In Review + create page, review the configuration to make sure everything is configured correctly, and then select Create

Additional PDE configurations in Intune

The following PDE configurations can also be configured using Intune:

Prerequisites

• Enable Personal Data Encryption (PDE)
• Disable Winlogon automatic restart sign-on (ARSO)

Security hardening recommendations

• Disable kernel-mode crash dumps and live dumps
• Disable Windows Error Reporting (WER)/user-mode crash dumps
• Disable allowing users to select when a password is required when resuming from connected standby

More information

• Personal Data Encryption (PDE)
• Personal Data Encryption (PDE) FAQ