A large majority of organizations are now moving into cloud only infrastructure, with identity being handled by Azure Active Directory, collaboration and security using Microsoft 365, and applications using services such as Azure Web Apps and Containers.
One question that is often being asked when considering a smooth transition to a cloud only environment is, how do we make sure that the corporate printers can still work as normal, and continue to automatically be added to the user’s profile? This blog will answer that question and more. Introducing Universal Print.
Universal Print is a subscription-based, modern print solution that organizations can use to manage their print infrastructure through cloud services from Microsoft. It centralizes print management through Universal Print Portal and is fully integrated with Azure AD.
There are two types of printer setup that Universal Print supports
- Universal Print Ready Printers - To find out more about Universal Print Ready printers, you can visit this link
- Printers without native Universal Print support - These are your regular printers which will be discussed in this blog
What’s the pain point?
One of our customers would like to utilize the Universal Print capability, currently they have adapted cloud only infrastructure approach and wants to bring in their print management to the same platform.
To enable Universal Print capability, I have listed down the pre-requisites to be met:
- Universal Print License - License is required for both users and administrators who will be setting up the Universal Print Service. Universal Print license is included in the following licenses:
- Microsoft 365 Business Premium
- Microsoft 365 Enterprise F3, E3, E5, A3, A5
- Windows 10 Enterprise E3, E5, A3, A5
- Universal Print (standalone) - USD $4.00 per user per month and includes 5 jobs per month*
- Azure Active Directory
- Windows 10 1093 or above
- Universal Print Ready Printer or a Printer without native Universal Print Support
- A client/server machine to host the Universal Print Connector for printers without native Universal Print support
- Microsoft Endpoint Manager - optional should you want to deploy the printers automatically to end users
The plan is to first identify the printers that we will be onboarding to the Universal Print service, as this will determine if we can connect the printer directly to the Universal Print service, or if there will be a requirement for a Universal Print Connector.
For this blog, we are going to use a printer without native Universal Print support since Universal Print ready printers will have different instructions on how to connect to the Universal Print service. Once we have setup the Universal Print connector, we are going to configure the connected/shared printers from the Universal Print Portal to assign them to users. Assigning will provide them access to the printer but not necessarily add them to the device yet. Once permission has been done, we will be deploying the printer via Intune Application deployment, so it gets added to the end user devices. These steps are summarized below:
- Installing Universal Print connector
- Configuring printers and permissions
- Deploying Printers to end-user devices
- Removal of Shared Printers/Universal Print Connectors
Installing the Universal Print Connector
For printers without Universal Print support, there is a requirement to setup a client/server machine to host the Universal Print Connector. It is important to take note of the following prerequisites for the client/server machine where the Universal Print Connector will be installed:
- Windows 10 64-bit, Pro or Enterprise, version 1809 or later
- or Windows Server 2016 64-bit or later (Windows Server 2019 64-bit or later is recommended)
- .NET Framework 4.7.2 or later
- Running 24x7 (e.g., sleep/Hibernate are disabled)
- Internet Connectivity and access to the following endpoints
- Universal Print Connector Installer - can be found here
From the client/server machine dedicated for the Universal Print Connector, confirm that all the required printers to be shared are added or configured. Add any additional printers that you want to be configured for Universal Print service.
Download and run the Universal Print Connector Installer.
Login using your tenant's credentials. Credentials to be used must have Global Admin or Printer Administrator role.
After a successful login, select a Connector Name to be used. Ideally, this should identify where the Printer is located. Click Register.
Configure the connector. There are 2 options that you can turn on.
- Automatically collect diagnostics - When turned on, will collect diagnostic data when an error occurs and send it to Microsoft
- Enable hybrid AD configuration - When turned on, enables the connector to use information from AD Domain Controllers in the organization to impersonate the user account who sent the job.
Select the printers to be registered to the service and select Register.
To confirm if the printers have been configured and registered to the Universal Print Service, open the Azure Portal and search for Universal Print
Open the Printer blade to show the list of printers currently registered
The Connectors blade shows the list of Universal Print Connectors configured for the tenant.
Configure Printers and Permissions
Once we have setup the connector and registered the printer/s, the next step is to share the printers to the licensed users. Sharing the printers means providing access to users, but not automatically adding them.
To share the printer, go to the Universal Print Portal and select the Printer blade. Select the registered printer and click Share.
On the Share screen, you have an option to share the registered printer to everyone in your organization or select a group that this printer will be shared. For this exercise we are using the group Printer Admin.
Once you Share the Printer, the status will now change.
There are other settings that you can configure on the registered printer. Click on the printer’s name and you will be redirected to the Printer overview page.
You can monitor the jobs, properties, access control and Printer connector being used. On the Printer properties blade, you can set location properties of the printer and printer defaults.
Another useful section of the Universal Printer Portal is the Usage and Reports. This section shows you your billed print jobs, pending print jobs, remaining and total print jobs allocated for the tenant.
Deploy Printers to Users
We have two options for users to utilize the Universal Print Service. Manually adding the printer or deploying it automatically to end-user devices. Once the printer has been shared, the users now are able to search and add the printers themselves. If the Location Properties of the registered printer has been configured, the user will be able to get the printer nearest their location first. The steps below show how to add the printer manually.
- Go to Settings
- Click Devices
- Go to Printers and Scanners
- Add a printer or scanner
- Select the Printer that is published by Universal Print Service
Most organizations would prefer to have this done automatically without any user intervention, for larger organizations deploying and mapping those printers to the users will be the preferred way of doing it. This can be done by deploying the printers using Microsoft Endpoint Manager or Intune.
First, we must download the Universal Printer Provisioning tool from Microsoft which can be downloaded here. Once downloaded, you will get these files.
The first application that we need to deploy is the 'UniversalPrintPrinterProvisioning.0.1.0.0.intunewin'. This application will make it possible for the devices to connect to the Universal Print Service.
Go to Microsoft Endpoint Manager, open Apps, and select Windows, then add a Windows app (Win32)
On the App information, upload the package and enter the publisher. Leave the rest as default
On the Program screen, leave everything as default
On the requirements, select both 32-bit and 64-bit for the Operating System Architecture. Select the Minimum Operating System and other configurations that you feel are necessary based on your organization policy
On the detection rule screen, add a manual configuration detection rule and select MSI. This should automatically be populated
Click Next, once you reach the assignment section, you can assign this app to all devices, or the group created to receive the Universal Print service. For this exercise we are adding the Universal Print Admin group
Click Next and the app will be deployed to the devices of the users who belong to the assigned group.
The next application that we need to deploy is the installation or addition of the registered printers to the end-user devices. From the download files, extract 'the samplepolicy.zip'. Open the CSV file named printers.csv and modify the contents as shown below:
Once the printer.csv has been modified and saved, we are now ready to package the files using Intune by using IntuneWinAppUtil. You can download this app from here if you don't have it yet.
Open command prompt and navigate to the directory where you have placed the IntuneWinAppUtil, and run the application as shown below:
Source Folder - Should contain the InstallPolicy.cmd and the printer.csv files
Setup File - InstallPolicy.cmd
Output Folder - where the IntuneWinApp will be created
Once we have created the IntuneWinApp - if default settings and file names were used the resulting IntuneWinApp file will be 'InstallPolicy.intunewin'
Go to Microsoft Endpoint Manager, open Apps, and select Windows, then add a Windows app (Win32), upload the package, and change the display name and description to the Printer Share name. Click Next
On the program screen, enter the Install and Uninstall commands. This is for user-based deployment. Refer to the syntax below:
Install - InstallPolicy.cmd user install
Uninstall - InstallPolicy.cmd user uninstall
Install behaviour - User
We can also use the following should the deployment be based on device
Install - InstallPolicy.cmd device install
Uninstall - InstallPolicy.cmd device uninstall
Install behaviour - User
Click Next, on the Requirements section and follow the same requirements as the Universal Print Printer Provisioning App. Click Next
For the Detection Rule, we are going with File Detection. The setting below is based on User deployment. For Device deployment the path will be - %ProgramFiles%\UniversalPrintPrinterProvisioning\Configuration\printers.csv
Next is the Dependencies, since the Universal Print Printer Provisioning App must be installed and deployed first, we are going to select it as a dependency
Click Next, and then on the Assignment Group select All users or select the desired group to be assigned. For this example, we are using Universal Print Admin
Once created, this will now be deployed to the end-users’ devices who are members of the Universal Print Admin group. There will be no need to add the printers manually and will automatically be added. This is an efficient way when you are deploying different Printers based on the location, roles, or even business unit in an organization.
Removal of Shared Printers/Universal Print Connectors
Removal of Shared Printers and Universal Print Connectors involves several steps. It is important to take note that uninstalling and reinstalling the Universal Print Connector will not allow any new connectivity to the Universal Print Service even if the connector has been removed from the portal. Follow the steps below to make a complete uninstall or removal.
- Remove the Shared Permissions from the registered Printers
- Unregister all Printers
- Perform removal of connector using PowerShell from the client/server machine hosting the Universal Print Service - detailed steps here
- Remove C:\Program Files\PrintConnector
- Remove Universal Print Registry Keys from
Implementing Universal Print Capability is a good addition to device management and moving towards a Cloud Only infrastructure. Universal Print Connector provides support to Printers without any native Universal Print support but once we get to the stage where all the printers are Universal Print Ready it will simplify all the steps. Eliminating any physical or virtual machine to serve as a Print Server. I believe this guide will help you understand the implementation of Universal Print and how it makes things easier from both administrators’ and users’ perspective.