Device Control Printer Protection - Blocks Print to PDF

Tewang_Chen
Microsoft
Jan 03, 2023
SecD3 , the V2 code has been released to production for a while, but because of holiday, the public document update has been delayed. V2 OMA-URI and GPO support has been released and Intune UX is in progress.
- jvonthun
  Copper Contributor
  Jan 20, 2023
  Tewang_Chen So if we use Group Policy and Enable the "Enable Device Control Printer Restrictions" policy, how do we exclude "Microsoft Print to PDF"? It looks like documentation was updated on 1/10/23 but I'm not seeing this addressed. I see a in the requirements "If you're planning to deploy policy via Group Policy, the device must be onboarded to Microsoft Defender for Endpoint joined" I guess that is probably what is preventing it from working in our environment? We don't have our workstations Onboarded to Defender.
  - Tewang_Chen
    Microsoft
    Jan 20, 2023
    No, the above setting will block 'PDF/XPS' or any network printer.
    Please do not use this https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/printer-protection?view=o365-worldwide, we added note on this doc: If you want to manage printers, see Microsoft Defender for Endpoint Device Control Printer Protection.
    
    you should use: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/printer-protection-overview?view=o365-worldwide. About how to manage 'PDF', you can search PDF on the doc, the doc explains which policy attribute you can use.
    - "File: Microsoft Print to PDF or Microsoft XPS Document Writer. To enforce Microsoft Print to PDF only, use the FriendlyNameId value 'Microsoft Print to PDF'."

Forum Discussion

Device Control Printer Protection - Blocks Print to PDF

Resources