Forum Discussion

oryxway's avatar
oryxway
Iron Contributor
Apr 06, 2023

Intune Printer non corporate printers and print to USB only

I have setup the configuration profile as shown in this link, I have added the User group so that we can control who can print based on the users and not devices. So, with this it should help which users can print or not print correct? What about the Approved USB printer list, the number we see there does that has to be obtained for each types of printers and added there which is shown for Allow specific USB printers?

 

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/protect-your-removable-storage-and-printers-with-microsoft/ba-p/2324806

 

Deploy policy via Intune OMA-URI

For Intune, currently printer protection supports Open Mobile Alliance Uniform Resource Identifier (OMA-URI) setting (Microsoft Endpoint Manager admin center: Devices -> Configuration profiles -> Create profile -> Platform: Windows 10 and later; Profile type: Templates -> Custom) only.

 

Block people from printing via any non-corporate printer

  • Apply policy over machine:
    • ./Vendor/MSFT/Policy/Config/Printers/EnableDeviceControl
  • Apply policy over user:
    • ./Vendor/MSFT/Policy/Config/Printers/EnableDeviceControlUser

The CSP support string Data type with Value: 

 

 

 

Allow specific approved USB printers

  • Apply policy over machine:
    • ./Vendor/MSFT/Policy/Config/Printers/ApprovedUsbPrintDevices
  • Apply policy over user:
    • ./Vendor/MSFT/Policy/Config/Printers/ApprovedUsbPrintDevicesUser

The CSP support string Data type with approved USB printer VID/PID via ‘ApprovedUsbPrintDevices’ property and the property supports multiple VID/PIDs via comma. Currently does not support wildcard.

 

 

No RepliesBe the first to reply

Resources