Microsoft Universal Print: Architecture, advantages, disadvantages, and licensing

Home Blog Microsoft Universal Print: Architecture, advantages, disadvantages, and licensing

4sysops - The online community for SysAdmins and DevOps

    ,   0
Microsoft officially released Universal Print for productive use in the first quarter of 2021. It not only complements Windows Virtual Desktop, but also allows companies to move their local print infrastructure to the cloud. However, most organizations are likely to use cloud printing only as an additional option for the time being.
Contents
  1. Requirements due to increased mobility
  2. Printing over the internet
  3. No driver installation on clients
  4. Connection of old hardware
  5. Security
  6. Components of Universal Print
  7. Licensing and accounting
  8. Universal Print prerequisites
  9. Conclusion
Latest posts by Brandon Lee (see all)

Printing is considered a legacy technology, but it is still a business-critical IT function in most companies. Its operation not only requires a complex infrastructure of printers, associated drivers, and print servers, but also demands a great deal of effort from the IT department for maintenance and problem-solving.

Requirements due to increased mobility

As working conditions mean an increasing number of mobile users and employees work from home, the requirements to support these changes also increase. In such scenarios, it is common to send jobs to printers in the office via a VPN. The mapping of devices to users should then change depending on the user's location.

Cloud printing promises to simplify many of these tasks and reduce the complexity of the local infrastructure. As one of the pioneers in this segment, Google offered such a service very early on but shut it down again at the end of 2020. Apparently, the demand fell short of the provider's expectations.

Printing over the internet

With the recently released Universal Print, Microsoft is now trying to establish itself in this market. It is a completely cloud-based service that not only shifts the entire management to Azure. Rather, all print jobs are configured to run over the internet and use Office Data Storage for spooling.

The advantage of this solution is that users can print their documents to any printer in any connected branch of their organization without having to be connected to the corporate network.

In addition, Universal Print offers very flexible options for assigning an appropriate printer to remote users. This can be done traditionally using the address, building, and floor, or the GPS coordinates of the PC and printer.

In various constellations, however, this also entails disadvantages. For example, the jobs currently run via Azure, even if the user and printer are in the same subnet. Printing without an Internet connection is therefore not possible, even within the same building.

No driver installation on clients

Hybrid solutions, such as Ezeep Dash, which only move printer management to the cloud but send the print data directly to the devices, are more favorable under such circumstances. However, the endpoints then still need the appropriate driver for the respective printer.

With Universal Print the printers are managed entirely via the Azure portal

With Universal Print the printers are managed entirely via the Azure portal

With Universal Print, Microsoft completely eliminates the need to install printer drivers on PCs. The service is based on the Internet Printing Protocol (IPP), which informs the client as to which options the printer supports (paper sizes, trays, print quality, sorting, stapling, etc.).

In addition, the PC learns which Page Description Language the printer accepts (Apple Raster, PCLm, PDF, etc.). Based on this information, it can prepare the job for the selected printer. Windows 10 already includes the functions required for Internet printing, so no additional software is needed for Universal Print.

Windows 10 has all the requirements for printing via the cloud

Windows 10 has all the requirements for printing via the cloud

Connection of old hardware

On the other hand, not all existing printers are prepared for Internet printing. Newer models might be enabled by a firmware upgrade, but for many devices, this option will not exist.

For these printers, Microsoft intends to use the Universal Print Connector as a link between the cloud-based print service and the legacy hardware. It can be installed on Windows 10 or Server 2016 or newer. Since legacy devices are inaccessible without the Connector for Universal Print, it is preferable to install the software on a server that is permanently online.

The Connector polls the print queues on Azure at regular intervals and executes jobs when they are available. Modern IPP printers act in the same way, so all connections are initiated from the inside out and admins don't need to open a port in the firewall for Universal Print.

Security

In most organizations, documents with confidential content are printed out on a regular basis. Clearly, a print infrastructure must be configured to prevent such data from falling into the wrong hands. For example, with certain printer models, admins can even force output to start only after a PIN has been typed in.

Cloud printing is further complicated by the fact that all print data leaves the company network. Therefore, print data should be protected with encryption in transit and at rest.

Microsoft uses encryption across the board with the service, and there is no way for the customer to use Universal Print without standard encryption protections. As mentioned above, the data is stored in the same secure storage platform Microsoft uses for Exchange data, Office, and Teams. The Universal Print service houses print data in the region of the customer's tenant and doesn't move it outside to other Azure locations.

Another important pillar for securing the print infrastructure is role-based permissions, for example, to manage queues or to be able to use certain printers. While on-prem environments use Active Directory for this purpose, Universal Print requires that machines join Azure Active Directory. This can also be done via a hybrid configuration with an on-premises AD.

Components of Universal Print

Universal Print includes the following components required for the solution to work:

  • Universal Print service—The cloud SaaS print service housed in Microsoft Azure, allowing for cloud-managed printing
  • Azure Active Directory—Microsoft's cloud-based Active Directory solution, providing Identity and Access Management (IAM) capabilities for use with Universal Print
  • Data storage—Azure storage used for print queue storage in Microsoft Azure
  • Microsoft Intune—The automated provisioning policy used for client device printer provisioning
  • Microsoft Graph—Microsoft's API endpoint used for cloud-managed services, including Universal Print
  • Windows 10 client operating system—Compatible client operating system for Universal Print
Universal Print architecture overview image courtesy of Microsoft

Universal Print architecture overview image courtesy of Microsoft

Licensing and accounting

Microsoft includes Universal Print with the following cloud SaaS subscriptions:

  • Microsoft 365 Enterprise F3, E3, E5, A3, A5
  • Microsoft 365 Business Premium
  • Windows 10 Enterprise E3, E5, A3, A5

Microsoft also makes the service available as a standalone subscription service that allows customers who do not subscribe to Microsoft's SaaS to take advantage of the service.

The vendor has an interesting way of counting the number of prints that an organization is allowed with Universal Print. With the service, you get the following allowances for print jobs:

  • Allowance of five print jobs per month for each licensed user.
  • Organizations can't carry over print jobs that are unused to the next month.
  • Print jobs are not synonymous with pages. If a single print job has 100 pages, it is only counted as one print job. Printing front and back, color vs. grayscale, and multiple copies of a document are still counted only as a single print job.
  • Organizations that need more print jobs than are included can purchase additional packs. These are purchased in increments of 500 print jobs.

Universal Print prerequisites

The Microsoft Universal Print service has the following prerequisites:

Subscribe to 4sysops newsletter!

  • Licensing requirements detailed above
  • A Universal Print-eligible license must be added to the M365 tenant by a Global Administrator
  • Azure Active Directory (AAD)
  • An administrator must have either of the following two AAD roles: Printer Administrator or Global Administrator
  • Universal Print compatible printers
  • Universal Print connector (for printers that are not compatible with Universal Print)
  • Must be running Windows 10, version 1903 or higher
  • Universal Print is available only in selected Azure data center regions. These include: Brazil South, Canada Central & East, Australia East, East US 2, North Central US, South Central US, West US 2, North Europe, West Europe, East Asia, Japan East, Southeast Asia, UK South
  • Internet connectivity is required

Conclusion

Print management has long been a very traditional legacy technology that is challenging for most organizations. Microsoft is striving to help bring print management into the future through the Universal Print offering. Universal Print offers promising capabilities and benefits. There are several requirements that businesses must satisfy for configuring Universal Print along with cloud SaaS subscription requirements.

avataravatar
Related Articles
0 Comments

Leave a reply

Your email address will not be published. Required fields are marked *

*

© 4sysops 2006 - 2023

CONTACT US

Please ask IT administration questions in the forums. Any other messages are welcome.

Sending

Log in with your credentials

or    

Forgot your details?

Create Account