effjaay
Brass Contributor
Mar 07, 2022

Device Control Printer Protection - Blocks Print to PDF

When using the OMA URI policy ./Vendor/MSFT/Policy/Config/Printers/EnableDeviceControl to block printing via non-corporate printers, it is observed that it blocks the Print to PDF and Print to XPS functions.

Using the Application Guard Security Policy under ASR does not provide the required exclusion.

Does anyone have any idea how to resolve this?

Thanks

  • oryxway
    Iron Contributor
    Same thing with me. I block USB printing and when I add All Users, it is not allowing me to print to PDF/XPS and it saves as a 0KB file. But when I remove the USB printing and do not assign anyone, then I can print to PDF/XPS and it saves with the original file size.
    • Jonhed
      Steel Contributor
      Documentation here shows that you can now define a group for printing to PDF/XPS which would allow you to whitelist this, while blocking other printers.
      At least if you manage this with the Device Control feature.
      https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/printer-protection-overview?view=o365-worldwide

      Documents list this under the same section as Printer Protection, but it seems to be a different feature, so may or may not work for you.
      • ReDaAl
        Copper Contributor
        We urgently need a solution to the following problem:

        The GPO “List of Approved USB-connected print devices” is active.
        And when the GPO is enabled, the "eDoc" (Software Print to PDF) does not work anymore.

        Important:
        No Intune or MS Defender is used.
        This means "printer protection v2" can't be used.

        What solution exists today or in the near future?
  • Hi, please do not use the V1 Printer Protection solution, the V2 has passed the Private Preview/code has been released to production, we are currently working to update the public doc/should be released in Jan.
    • SecD3
      Copper Contributor
      Where can we find V2? Is there an Intune setting catalog?
      • Tewang_Chen
        Microsoft

        SecD3, the V2 code has been released to production for a while, but because of the holiday, the public document update has been delayed. V2 OMA-URI and GPO support has been released and Intune UX is in progress.

  • ctbjm
    Copper Contributor
    We're also experiencing the same issue - I've opened a ticket with MS.
  • Gineok630
    Copper Contributor

    No luck here either. Microsoft allows for exceptions for USB VID/PID but what about everything else?

    • TSMasonHQ642
      Copper Contributor

      Gineok630 and effjaay

      I am looking into this as well. Utilizing the PID/VIDs works as expected on printers, but I have had no luck finding a way to allow for Print to PDF or OneNote. Wanted to see if you two or anyone else has had any luck.

      Thanks!

  • CoreyOli
    Copper Contributor

    effjaay

    I've just come across this same exact issue and I'm looking into possible solutions. I'm really concerned there may not be a way to exempt them, simply based on the way the policy is written...

    I'll keep you posted.

    Thanks,

    -Corey

  • effjaay
    Brass Contributor
    Whoa, 112 views and no replies. Guess if I fix this I will be solving a big problem. Seems no one has a fix.
    • CoreyOli
      Copper Contributor
      I have had NO luck trying to get this working, you make any progress?
