How Does Microsoft 365 Universal Print Work?

Brad Sams wrote earlier this year that Microsoft’s Universal Print was entering private preview. In Microsoft’s own words, here is a description of the service:

Universal Print, is a Microsoft 365 cloud-based print infrastructure that will enable a simple, rich and secure print experience for users and reduce time and effort for IT.

Windows 10 devices joined to Azure Active Directory (AAD) can already access printers installed on servers joined to Windows Server Active Directory (AD). So, where does Microsoft 365 Universal Print fit into the picture?

Accessing Windows Server Active Directory resources

In environments where Azure AD Connect is used to synchronize Windows Server Active Directory (AD) users to the cloud, devices joined to AAD can access AD resources. Windows 10 knows the AD domain name and uses it to search for available Windows Server domain controllers on the local network. If it finds one, Windows 10 is issued a Kerberos Ticket-Granting Ticket (TGT) so that it can access AD resources.

Users can authenticate and access AD resources if they know where to find them. For example, if they have the UNC path to a file share or URL of a webserver using Windows integrated security. But without knowing the location or at least a name, locating AD resources isn’t a smooth experience on AAD-joined devices because tools can’t use LDAP to query AD.

Hybrid Cloud Print

To partly address this issue, Microsoft developed a solution called Hybrid Cloud Print to connect Azure AD joined devices, or users with BYOD, to AD-joined print servers. Hybrid Cloud Print is supported in Windows 10 version 1703 and later and it requires Windows Server 2016 print servers. In addition to having an Azure AD tenant synchronized to AD using Azure AD Connect, a Mobile Device Management (MDM) service is required to configure print settings on each device.

Image # Expand
Figure1 3
Hybrid Cloud Print (Image Credit: Microsoft)

Microsoft 365 Universal Print simplifies cloud printing

Hybrid Cloud Print is a complex solution that requires several different components, including Azure AD Application Proxy, new Internet Information Services (IIS) service endpoints, a dedicated connector server and a dedicated print server.

But unlike Hybrid Cloud Print, Universal Print doesn’t need any on-premises infrastructure if you have Universal Print-compatible printers. Universal Print runs in Microsoft Azure, it is fully integrated with Azure AD, and it supports single sign-on. If non-Universal Print-compatible printers are used, then a Universal Print connector application must be deployed on premises.

Image # Expand
Figure2 1
How Does Microsoft 365 Universal Print Work? (Image Credit: Microsoft)

 

Printers registered with Universal Print work with Windows 10 version 1903 and later devices. During the preview, only Enterprise and Education SKUs are supported, although the supported SKUs might change once the product reaches general availability according to a post by Microsoft.

In-market printers don’t currently support connecting to Universal Print directly. But manufacturers are planning to release new models and updates to existing printer firmware to support the Universal Print protocol. In the meantime, the Universal Print connector is required to make the solution work. The connector should be installed on a computer running Windows where the printers you want to share are installed. Microsoft says that some of its partners are offering appliance devices that can be used instead of the Universal Print connector, but it doesn’t provide any further details.

Registering Universal Print printers in Azure Active Directory

Printers that support Universal Print directly can be registered with Azure AD by following the manufacturer’s instructions. For all other printers, the Universal Print connector must be used. The Universal Print connector can be installed on Windows 10 Pro or Enterprise version 1809 or later, or Windows Server 2016 or later. It requires the .NET Framework 4.7.2 or a later version.

  • Download and install the Universal Print connector. It can be downloaded from Microsoft’s website here.
  • Once the Universal Print connector is installed, sign into your organization’s Azure AD tenant using an account with the Printer Administrator or Global Administrator
  • The connector name must then be registered in Azure AD. You need to provide a name for the connector and click Register.
  • After the connector is registered, the connector shows a list of printers that can be registered with Universal Print.

Managing Universal Print printer settings and access control

Microsoft 365 administrators can define printer metadata settings and default preferences. For example, an administrator can set the printer location and color configuration. For a complete list of the settings and metadata that can be configured, see Microsoft’s website here.

By default, Universal Print only gives admins permission to access printers. Additional users or groups must be explicitly granted permission in the administrative portal. Printers are only discoverable by users once they have been shared. Again, this can be done in the admin portal by selecting the printer and then clicking Share Printer.

Universal Print print job management

Universal Print lets admins see the status of print jobs. Reports showing print job history can also be downloaded. Reports include printer usage and user usage, both for the last 30 days. Admins can also cancel active print jobs.

Image # Expand
Figure3a
How Does Microsoft 365 Universal Print Work? (Image Credit: Microsoft)

Adding Universal Print printers to Windows 10 devices

Users can add Universal Print printers to Windows 10 in the Settings app.

Universal Print versus Windows Print Server

As you can see, Universal Print is basic if you compare it to all the features available in Windows Server. A year after Microsoft first started talking about the service, there doesn’t seem to be any way to automatically add printers registered with Universal Print to Windows client devices. Or the ability to deploy the solution for high availability.

But at launch, organizations that have simple printing needs might find Universal Print an interesting alternative to Hybrid Cloud Print. And Universal Print could ultimately enable the removal of all on-premises Windows Server print infrastructure. Hopefully, Microsoft will gradually add more advanced functionality to Universal Print as interest in the service grows.

If your organization is interested in getting involved with the private preview, fill out this form here.