I have setup the configuration profile as shown in this link, I have added the User group so that we can control who can print based on the users and not devices. So, with this it should help which users can print or not print correct? What about the Approved USB printer list, the number we see there does that has to be obtained for each types of printers and added there which is shown for Allow specific USB printers?
Deploy policy via Intune OMA-URI
For Intune, currently printer protection supports Open Mobile Alliance Uniform Resource Identifier (OMA-URI) setting (Microsoft Endpoint Manager admin center: Devices -> Configuration profiles -> Create profile -> Platform: Windows 10 and later; Profile type: Templates -> Custom) only.
Block people from printing via any non-corporate printer
- Apply policy over machine:
- ./Vendor/MSFT/Policy/Config/Printers/EnableDeviceControl
- Apply policy over user:
- ./Vendor/MSFT/Policy/Config/Printers/EnableDeviceControlUser
The CSP support string Data type with Value:
Allow specific approved USB printers
- Apply policy over machine:
- ./Vendor/MSFT/Policy/Config/Printers/ApprovedUsbPrintDevices
- Apply policy over user:
- ./Vendor/MSFT/Policy/Config/Printers/ApprovedUsbPrintDevicesUser
The CSP support string Data type with approved USB printer VID/PID via ‘ApprovedUsbPrintDevices’ property and the property supports multiple VID/PIDs via comma. Currently does not support wildcard.