Google may be shutting down its cloud printing service at the end of 2020, but organisations will be able to start using the Universal Print service in Microsoft 365 that was announced earlier this year and is now in public preview.
The cloud printing service is designed to help Microsoft customers move to the cloud without needing to keep multiple dedicated Windows Server installations to run the somewhat cumbersome Hybrid Cloud Print. Instead, it runs entirely on Azure and uses Azure AD, with no local infrastructure required in most cases. The print queue is stored in your Office 365 tenant, the printer management API uses the Microsoft Graph and the print job is sent to and pulled from the service using the standards-based Internet Printing Protocol (IPP).
“We built Universal Print because we were hearing from customers, over and over again, that they were trying to transition to the cloud, but as they did so printing became difficult; they didn’t necessarily want to maintain an on-premises print server, but they needed the connection, the authentication, all the management pieces, because their users are still printing,” Principal Group Program Manager Kristin Carr told TechRepublic. “Printing is actually growing rather than being on the decline,” she added.
As well as doing away with the need for a local print server that’s accessible to the internet, Universal Print also means you don’t need to install and manage printer drivers on PCs. To the user, printing looks exactly the same: they add the cloud printer in Settings and then pick it in an application’s print dialog.
Printer admins get a single portal where they can manage print functionality across all their printers, which can also include third-party print services. Many of the cloud print services like Canon and HP’s offerings, and Azure-based services like PaperCut and NTware uniflow (which had also supported Google Cloud Print) are announcing support. Or they can use PowerShell to monitor and manage cloud printers.
The centralised admin options have been particularly useful to the 2,500 organizations (ranging from Canadian schools to Norwegian banks) on the private preview who needed to support newly remote users, and have generated nearly a quarter of a million print jobs already.
Teachers can print on the school printer through the week and then collect all their printouts on a weekly visit, while payroll teams can print cheques without going to the office. If you need someone in a different office to sign a physical document, you can print it there rather than emailing it or printing and posting it. Retail operations could automatically print flyers, job rosters or price labels at stores each week from a central location, rather than sending an email and waiting for managers to see it and print the attachment. Once printers become cloud devices rather than being limited to the local network, it opens up many new scenarios.
Protocols not drivers
Universal Print will work best with printers that have native support for the protocol it uses. Canon and Lexmark will be releasing firmware updates later this year to add the protocol to existing printers that are currently in market and other manufacturers will be announcing support at Inspire this week. Other printers can still be used with the service, but will need a proxy connector.
Using Azure AD and Microsoft 365 as the basis of the service means you’re using the same identity and authentication for connecting to printers as you use for Office, OneDrive and other Microsoft services. You can also use the same management and security policies, like conditional access policies or even digital rights management. “All of the data to and from the service — so from the client to the service, from the service to the printer — all of that data is encrypted,” Carr said. “Print jobs are encrypted at rest, with an option for tenant-provided encryption keys. The service enforces strong authentication of users and printers, with the Azure AD identity platform that provides enterprise-level security service with things like Single Sign On and multi-factor authentication.”
That gives organizations enterprise-level security controls on printers that don’t have authentication built in. You can control who has access to which printers and what they can print. If you already have a printer that makes users type in a PIN before their sensitive document is printed (so it’s not sitting in the print tray for anyone to see), you can now manage that in the same way you manage users and document access; instead of a separate PIN, employees can use the same MFA they’re used to on other devices, authorising a printout from a smartphone authenticator app or receiving a PIN to use each time.
SEE: Multicloud: A cheat sheet (free PDF)
Universal Print also integrates with other Microsoft 365 services. If a document has information that means it’s marked as sensitive through Endpoint Data Loss Prevention, Universal Print will stop it being printed at all. Third-party services can build on the Microsoft Graph APIs to offer extra features, like more detailed tracking and reporting. Or you could build your own custom print workflows using Power Automate, either to control who can print what, when and where, or to automatically generate printouts in the right location as part of a business workflow.
The public preview of Universal Print will be in Microsoft 365 North American, European and Asia Pacific regions soon, starting with E5 and A5 tenants, followed by Windows 10 E3, E5 and A3 subscriptions, then Microsoft 365 Business Premium and F3. Admins will need to assign Universal Print licences to users and register individual printers as Azure AD objects with the correct permissions and sharing. Unless there is new firmware for your printer that adds the Universal Print protocol, you will need to run the Universal Print connector on a Windows PC or server as well.
At this stage, Universal Print is only for Windows 10 (Enterprise or Education 1903 or later); but for firstline workers in particular, printing from smartphones — perhaps using the new mobile Office and SharePoint apps — is going to be important.
“We’re investigating a lot of scenarios around how the user identifies themselves quickly and easily when they walk up to a printer; how they quickly and easily demonstrate ‘I’m me, let me print this thing that belongs to me’,” Carr said — think Windows Hello for printing.
Not all of that functionality is in the public preview and Carr wouldn’t comment on what other devices might be supported in future, but the clue is likely to be in the name. She described the point of the service as “enabling users to print from any device, wherever they are, as long as they’re connected to the internet”.