Universal Print on macOS

-
Source: Microsoft

When Universal Print was announced in private preview for macOS platform at Ignite 2023, cross platform support for print management in the cloud became a reality. With the feature being moved into public preview recently, it showcased Microsoft's commitment to lower the barrier of entry to cloud computing and digital transformation.

What is Universal Print and how does it work for macOS?

Universal Print is a cloud-based printing solution that uses built-in cloud printers, built-in legacy printers, and runs entirely in Microsoft Azure. When Universal Print is deployed with Universal Print-compatible printers, it doesn't require any additional on-premises infrastructure. Just like other Azure connectors, Universal Print connector is installed on a host device as part of the configuration.

In case of macOS, the Universal Print functionality is possible after installing the Universal Print app. This can either be installed administratively or manually by the end users. Once installed, users can sign into Microsoft Entra ID to discover and install printers. Once a printer has been installed by the Universal Print app, it's available in the system print dialog for use with any application that supports printing. The experience is greatly simplified as it does not require installing any printer drivers on the user's device explicitly.

Here is a list of all the pre-requisites -

- Universal Print is enabled in your Azure tenant

- Your user account has the role Printer Administrator or Global Administrator

- Your user account is assigned a Universal Print license

- Windows 11 64-bit, Pro or Enterprise, version 22621 or later, Windows Server 2022 64-bit or later (Recommended)

- .NET Framework 4.8 or later (download page)

- A host PC that is always running and active on the internet.

- The Universal Print connector installer

- Universal Print Subscription

Universal print endpoints


Universal Print Connector Registration

The connector is a small Windows application that can connect many printers to the Microsoft 365 cloud, and can run on any Windows PC on the network. Since I am using my test lab, I installed the connector on one my Azure Server VMs. Here are the steps I followed -

1. Download the Universal Print Connector Installer and follow the steps in the wizard as shown below.




2. Sign-in using your Printer or Global Administrator role.

3. Once the authentication is complete, give a name for the connector.


4. Select the radio buttons or as per your organization requirements. Printers configured on the host device will automatically become visible for registration. 

Note: Some legacy print management applications, that rely on Active Directory domains, read the username from the spooler queue and use that information to perform necessary functions.

When the “Enable hybrid AD configuration” option is turned on in the Universal Print connector, the connector attempts to map the Microsoft Entra ID user identity to a corresponding local AD domain user identity. 

Also, I created a dummy printer for demonstration purposes. You should see a list of network printers here that are configured in your organization and added on the host device.





At this stage, both the connector and the printer should report as configured under Universal Print in Azure. You can navigate to Universal Print to validate.


5. Click on the Printer and hit 'Share' to set the access to licensed users and enable sharing.


That's it. One interesting thing is that after the Universal Print is configured, both the connector and the shared printer have their objects created in Entra ID and reflect as Entra ID joined under 'Printer' OS. This is really neat in my opinion.

Universal Print App & support for macOS

At the time of writing this blog, macOS support is still in public preview and needs to be first enabled in the Universal Print settings in Azure. Select 'Show all printers' as shown below.


Next up is to configure the Universal Print app for macOS. There are basically multiple ways to achieve this -

1. Sync the Universal Print app using Apple Business Manager (ABM)

2. Ask the end user to manually install the app from the store.

3. Use Web links to pin the installation app store link in the dock.

For all intent and purposes, I am using the 3rd option to demonstrate how you can make it easier for the end user to do the installation.

1. Sign-in to the Microsoft Intune admin portal.

2. Browse to Apps – macOS.

3. Click Add

4. Select App type as Web application macOS web clip as shown below -


5. Populate the relevant details, especially the URL for Visio - https://apps.apple.com/us/app/universal-print/id6450432292, as shown below -


6. Assign as required and\or make it available for the enrolled macOS devices.

Testing Results

Once the device syncs with Intune, the web link should get installed and pinned to the dock.


The user needs to open the web link and initiate the installation of the Universal Print app. Once installed, it will show up in the Launchpad.



On accessing the app, the user will be asked to allow necessary permissions. In my case I was asked to  allow access to 'PreferencePanes'.


Once done, user will be asked to sign into the app. Sign-in and the status will change to connected.



Click 'Add printer' and search for the desired printer. In my case I am searching for the Dummy printer I created.



That's it. Printer should be accessible and available for use against an application that supports printing.


The job queue should reflect the printing jobs on the host device where the connector is installed.


The print jobs will also reflect under Universal Printers in Azure. Since I created a Dummy printer for demonstration purposes, the jobs were not successful.

Final thoughts..

Universal Print is for customers who are committed to Microsoft 365 cloud and want to replace the Windows Server print server functionality with a cloud service using Microsoft Entra ID as the only identity. The solution for macOS is still in public preview so there are some known issues, but keeping them aside, I feel the Universal Print as a cloud based managed print solution brings organizations one step closer into adopting the modern cloud framework since managed print solution was and is still one of those pieces of jig saw puzzle that never quite came about, until now..

Comments

Post a Comment

Popular posts from this blog

How to force escrowing of BitLocker recovery keys using Intune

-
Image
Every now and then it so happens that BitLocker recovery keys do not escrow in AAD. The usual culprits are incorrect BitLocker policies and\or the device hardware configuration failing to meet the minimum requirements. The other scenario and something I recently experienced is when everything is setup right and still the recovery key doesn’t escrow in AAD. As I understand, this can happen if the escrow process got interrupted the first time due to network or local devices related issues and the process could not resume. To circumvent this issue, one can simply push a PowerShell script to the devices to force the escrow of the recovery keys to AAD. Here is a script to do so. try{ $BitlockerVol = Get-BitLockerVolume -MountPoint $env:SystemDrive         $KPID=""         foreach($KP in $BitlockerVol.KeyProtector){             if($KP.KeyProtectorType -eq "RecoveryPassword"){                 $KPID=$KP.KeyProtectorId                 break;             }         }        $o
Read more

Intune: Configure Printers for Non-Administrative Users

-
Image
Configuring printers for end users or giving them the ability to do it themselves is a normal requirement for organizations. Now if your users are Administrators, then the configuration can be straight forward, but in case of Non-Administrators there are additional steps required as Non-Administrators will not be able to add a driver in the driver store despite being able to install a printer. In this blog, I will cover the steps that I took to address this requirement using Intune. The setup involves 2 steps -  1. Setup registries. 2. Install the driver and configure the printer Setting up registries – The registries that need to be configured are actually part of a GPO setting – Allow non-administrators to install drivers for these device setup classes It can be found under: Computer Configuration -> Policies -> Administrative Templates -> System -> Driver Installation I used a Powershell script to set the values and wrapped it in a Win32 application. $Path1
Read more

Configure CloudAPAuthEnabled to support Conditional Access in Google Chrome natively

-
Image
Starting with version 111 of Google Chrome, organizations can leverage conditional access policies natively using  CloudAPAuthEnabled . Before this release, Conditional access policies were only supported on Google Chrome by using additional extensions like Windows Accounts and Office Online . If you want to know more about the use of these extensions, then you can read all about it over here . Let's see the new policy involving  CloudAPAuthEnabled in a little detail and how can organization configure it using enterprise device management solutions. CloudAPAuthEnabled   is a setting that can be configured using the policy  Configures automatic user sign-in for accounts backed by a Microsoft® cloud identity provider .  By setting this policy to 1 (Enabled), users who sign into their computer with an account backed by a Microsoft cloud identity provider or who have added a work or school account to Microsoft Windows, can be signed into web properties using that identity automatical
Read more