Currently, access to a Universal Print printer is configured with security groups or all users in the org. This means that anyone that has registered their Windows device in our Entra tenant can see, install and use printers from their personal devices. While in some cases, this eases the ability for our students and staff to print from their personal devices but in other cases, it means a sensitive printer is available to users that aren't using secured and managed devices. Even if I was to restrict access to a paycheck printer to the HR Department, the folks in that group could still access the printer from their personal devices. While this doesn't provide them with access to any sensitive information, it does encourage users not to use their company provided devices. In general, we want to control this process and only allow printing from managed devices.
Please allow us the ability to restrict access to UP printers to only Entra-joined and Entra hybrid-joined devices and exclude Entra-registered devices.
2 Comments
- Saurabh_Bansal
Microsoft
rmckenna - have you tried using configuring Conditional Access policies to do this?
I had not thought of that. Thank you for the idea.
