Universal Print on macOS

-
Source: Microsoft

When Universal Print was announced in private preview for macOS platform at Ignite 2023, cross platform support for print management in the cloud became a reality. With the feature being moved into public preview recently, it showcased Microsoft's commitment to lower the barrier of entry to cloud computing and digital transformation.

What is Universal Print and how does it work for macOS?

Universal Print is a cloud-based printing solution that uses built-in cloud printers, built-in legacy printers, and runs entirely in Microsoft Azure. When Universal Print is deployed with Universal Print-compatible printers, it doesn't require any additional on-premises infrastructure. Just like other Azure connectors, Universal Print connector is installed on a host device as part of the configuration.

In case of macOS, the Universal Print functionality is possible after installing the Universal Print app. This can either be installed administratively or manually by the end users. Once installed, users can sign into Microsoft Entra ID to discover and install printers. Once a printer has been installed by the Universal Print app, it's available in the system print dialog for use with any application that supports printing. The experience is greatly simplified as it does not require installing any printer drivers on the user's device explicitly.

Here is a list of all the pre-requisites -

- Universal Print is enabled in your Azure tenant

- Your user account has the role Printer Administrator or Global Administrator

- Your user account is assigned a Universal Print license

- Windows 11 64-bit, Pro or Enterprise, version 22621 or later, Windows Server 2022 64-bit or later (Recommended)

- .NET Framework 4.8 or later (download page)

- A host PC that is always running and active on the internet.

- The Universal Print connector installer

- Universal Print Subscription

Universal print endpoints


Universal Print Connector Registration

The connector is a small Windows application that can connect many printers to the Microsoft 365 cloud, and can run on any Windows PC on the network. Since I am using my test lab, I installed the connector on one my Azure Server VMs. Here are the steps I followed -

1. Download the Universal Print Connector Installer and follow the steps in the wizard as shown below.




2. Sign-in using your Printer or Global Administrator role.

3. Once the authentication is complete, give a name for the connector.


4. Select the radio buttons or as per your organization requirements. Printers configured on the host device will automatically become visible for registration. 

Note: Some legacy print management applications, that rely on Active Directory domains, read the username from the spooler queue and use that information to perform necessary functions.

When the “Enable hybrid AD configuration” option is turned on in the Universal Print connector, the connector attempts to map the Microsoft Entra ID user identity to a corresponding local AD domain user identity. 

Also, I created a dummy printer for demonstration purposes. You should see a list of network printers here that are configured in your organization and added on the host device.





At this stage, both the connector and the printer should report as configured under Universal Print in Azure. You can navigate to Universal Print to validate.


5. Click on the Printer and hit 'Share' to set the access to licensed users and enable sharing.


That's it. One interesting thing is that after the Universal Print is configured, both the connector and the shared printer have their objects created in Entra ID and reflect as Entra ID joined under 'Printer' OS. This is really neat in my opinion.

Universal Print App & support for macOS

At the time of writing this blog, macOS support is still in public preview and needs to be first enabled in the Universal Print settings in Azure. Select 'Show all printers' as shown below.


Next up is to configure the Universal Print app for macOS. There are basically multiple ways to achieve this -

1. Sync the Universal Print app using Apple Business Manager (ABM)

2. Ask the end user to manually install the app from the store.

3. Use Web links to pin the installation app store link in the dock.

For all intent and purposes, I am using the 3rd option to demonstrate how you can make it easier for the end user to do the installation.

1. Sign-in to the Microsoft Intune admin portal.

2. Browse to Apps – macOS.

3. Click Add

4. Select App type as Web application macOS web clip as shown below -


5. Populate the relevant details, especially the URL for Visio - https://apps.apple.com/us/app/universal-print/id6450432292, as shown below -


6. Assign as required and\or make it available for the enrolled macOS devices.

Testing Results

Once the device syncs with Intune, the web link should get installed and pinned to the dock.


The user needs to open the web link and initiate the installation of the Universal Print app. Once installed, it will show up in the Launchpad.



On accessing the app, the user will be asked to allow necessary permissions. In my case I was asked to  allow access to 'PreferencePanes'.


Once done, user will be asked to sign into the app. Sign-in and the status will change to connected.



Click 'Add printer' and search for the desired printer. In my case I am searching for the Dummy printer I created.



That's it. Printer should be accessible and available for use against an application that supports printing.


The job queue should reflect the printing jobs on the host device where the connector is installed.


The print jobs will also reflect under Universal Printers in Azure. Since I created a Dummy printer for demonstration purposes, the jobs were not successful.

Final thoughts..

Universal Print is for customers who are committed to Microsoft 365 cloud and want to replace the Windows Server print server functionality with a cloud service using Microsoft Entra ID as the only identity. The solution for macOS is still in public preview so there are some known issues, but keeping them aside, I feel the Universal Print as a cloud based managed print solution brings organizations one step closer into adopting the modern cloud framework since managed print solution was and is still one of those pieces of jig saw puzzle that never quite came about, until now..

Comments

  1. Ryan NashSeptember 11, 2024 at 1:46 PM

    Great insights! I really appreciate how well you've explained everything. As someone working on coding projects, finding reliable hosting like NinzaHost is essential for my workflow. Your post gave me the clarity I was looking for keep up the fantastic work!

    ReplyDelete

Post a Comment

Popular posts from this blog

How to force escrowing of BitLocker recovery keys using Intune

-
Image
Every now and then it so happens that BitLocker recovery keys do not escrow in AAD. The usual culprits are incorrect BitLocker policies and\or the device hardware configuration failing to meet the minimum requirements. The other scenario and something I recently experienced is when everything is setup right and still the recovery key doesn’t escrow in AAD. As I understand, this can happen if the escrow process got interrupted the first time due to network or local devices related issues and the process could not resume. To circumvent this issue, one can simply push a PowerShell script to the devices to force the escrow of the recovery keys to AAD. Here is a script to do so. try{ $BitlockerVol = Get-BitLockerVolume -MountPoint $env:SystemDrive         $KPID=""         foreach($KP in $BitlockerVol.KeyProtector){             if($KP.KeyProtectorType -eq "RecoveryPassword"){                 $KPID=$KP.KeyProtectorId                 break;             }         }        $o
Read more

Intune: Configure Printers for Non-Administrative Users

-
Image
Configuring printers for end users or giving them the ability to do it themselves is a normal requirement for organizations. Now if your users are Administrators, then the configuration can be straight forward, but in case of Non-Administrators there are additional steps required as Non-Administrators will not be able to add a driver in the driver store despite being able to install a printer. In this blog, I will cover the steps that I took to address this requirement using Intune. The setup involves 2 steps -  1. Setup registries. 2. Install the driver and configure the printer Setting up registries – The registries that need to be configured are actually part of a GPO setting – Allow non-administrators to install drivers for these device setup classes It can be found under: Computer Configuration -> Policies -> Administrative Templates -> System -> Driver Installation I used a Powershell script to set the values and wrapped it in a Win32 application. $Path1
Read more

Prevent users from running certain programs or applications on Windows endpoints using Intune

-
Image
  When it comes to blocking or preventing users from running an application on Windows devices, one normally uses App locker policy, Windows Defender Application Control and not so new but pretty useful method called Defender Vulnerability management within Microsoft 365 Defender Portal. A recent question on the Tech Community Microsoft forum prompted me to look for all possible alternatives. I started reminiscing over the legacy GPO policies and that is when I stumbled upon the policy  Don’t run specified Windows applications  located under User Administrative Templates - The policy setting does come with its own caveat - " This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from starting pr
Read more