Mitigating PrintNightmare With Azure Universal Print

Published:8 December 2022 - 7 min. read

Azure Cloud Labs: these FREE, on‑demand Azure Cloud Labs will get you into a real‑world environment and account, walking you through step‑by‑step how to best protect, secure, and recover Azure data.

Shifting to the cloud transforms your workflow and allows you to be productive from anywhere. One of the setbacks, though, is vulnerabilities that are present, like PrintNightmare. As a result, many still prefer traditional printouts and do not trust digital documents. Why not go for Azure Universal Print as your cloud-based modern print solution?

Azure Universal Print seeks to provide a resolution, not only innovative but also satisfies the traditional need for paper. Print is the last remaining bastion of local infrastructure and is difficult to replace. And in this tutorial, you will learn how to mitigate PrintNightmare with Azure Universal Print to manage your print infrastructure through cloud services.

Read on to start securing printing experiences with Azure Universal Print!

Prerequisites

This tutorial contains hands-on demonstrations. To follow along, ensure you have the following in place:

  • An Azure Active Directory Tenant – no subscription is required
  • Universal Print Licenses are available for each user designated to use the Universal Printing service.

💡 Universal Print is included in the commercial and educational Microsoft 365 and Windows 10 subscriptions but can also be purchased as a standalone subscription.

What is Azure Universal Print?

Universal Print provides an enjoyable user experience with its centralized print management capabilities. All these, without maintaining traditional on-premises print servers and AD or installing printer drivers.

Universal Print, a multi-tenant print solution service hosted on Azure, can be explained in the architecture shown below. At the heart of this architecture are two Platform as a Service (PaaS) services hosted in the cloud.

PaaSFunction
Azure Active Directory (AAD)Azure’s cloud directory service. Provides user and license management.
Universal PrintA Microsoft 365 subscription-based service that organizations use to centralize print management through the Universal Print Azure Portal.
Demonstrating the Universal Print Architecture
Demonstrating the Universal Print Architecture

Creating a New Group in Azure Active Directory

Since other users need access to the Universal Print service, your first task is to work on permissions. How? Create a group and add users to that group. Doing so lets you grant or limit access and permissions to a group of users instead of to each user.

1. Open your favorite web browser, and log in to your Azure Portal.

2. On the Azure Portal, click the Azure Active Directory icon to access your Azure AD service overview page (step three).

Looking for the Azure Active Directory Service
Looking for the Azure Active Directory Service

3. Next, click on Groups to enter the group management interface.

Accessing the Groups management interface
Accessing the Groups management interface

4. Now, click All groups (left panel) → New group, as shown below, which opens a page where you can fill up information about the new group.

Creating a new group
Creating a new group

5. Lastly, configure the following to define the group parameters:

Defining the group parameters
Defining the group parameters

The notification below confirms the group has been created successfully.

Confirming successful group creation
Confirming successful group creation

Assigning Universal Print Licenses to Users

Now that you have a group available, you will need to assign the necessary license to the group. Assigning the license at the group level lets you avoid having to do so to each user manually.

1. On the Groups page, click All groups (left panel), look for and click the newly-created group (Universal Print Users), as shown below. Your browser redirects to a page where you can see the group’s information overview (step two).

Accessing the newly-created group’s information overview
Accessing the newly-created group’s information overview

2. Next, click Licenses (left panel) under the Manage section to see the active license assignments.

Creating a new license assignment
Retrieving the license assignment

3. On the Licenses page, click Assignments to create a new assignment

Creating a new license assignment

4. Now, select the license in which the Universal Print feature is included, and click on Save to save the license assignment settings. Note that this tutorial uses the Windows 10/11 Enterprise E3 license.

Choosing a license
Choosing a license

The output below confirms the license assignment is a success.

Confirming the license assignment
Confirming the license assignment

Registering Printers with the Universal Print Service

With the license successfully assigned, you can register a printer in the Azure Universal Printer Portal, starting with a Universal Print-ready device.

Printers can be connected to the Universal Print service in two different ways, as follows:

ConnectionRequirements
Direct ConnectedRequires a Universal Print-ready printer.
Connected via the Universal Print ConnectorRequires a device (laptop, client desktop, server, VM) on which the Universal Printer Connector can be installed and has a connection to the printer.

You will connect the Universal Print-ready printer directly to Azure without a connector as a middleman. This tutorial uses a Lexmark brand printer (Lexmark C3224dw), which can be configured via a web portal.

Once the printers are registered in the Universal Print Azure Portal, they can be accessed via a suitable client from anywhere in the world.

💡 The configuration shown in this tutorial is only an illustration and is not feasible for every printer. Depending on the manufacturer, the process may differ.

1. Open your favorite web browser, and visit the printer’s IP address (i.e., ) to access the printer’s configuration portal.

Accessing the printer’s configuration portal
Accessing the printer’s configuration portal

2. Click Network/Ports under Select Option (left panel) and register the printer with the following:

  • Look for and expand Universal Print to access the Universal Print configuration.Provide a meaningful Printer Name.Click on the Register button to register the printer.

Connecting a Universal Print-ready printer to Azure
Connecting a Universal Print-ready printer to Azure

3. Once registered, copy the code, and click the link, as shown below, which opens a new browser tab.

Registering the printer name
Registering the printer name

4. Now, switch to the newly-opened tab, paste the code you copied in step three, and click Next to confirm the input.

Inserting the Universal Print device registration code
Inserting the Universal Print device registration code

5. After entering the code, choose an Account to sign in to so you can authorize registering the printer.

Choosing the account to authorize registering the printer
Choosing the account to authorize registering the printer

If successful, you will get a confirmation message, as shown below.

Verifying UP device logon message
Verifying UP device logon message

Back in the printer’s control panel, you can also see the registration process has been completed successfully.

Verifying the printer registration status
Verifying the printer registration status

Registering a Printer via the Universal Print Connector

You have successfully registered a Universal Print-capable printer, but what about a printer that is not Universal Print-capable? In this case, you must connect the printer via the additional available Connector application.

1. Launch the Universal Printer connector, and click Login to link the connector to your Azure tenant.

Signing in to Azure tenant
Signing in to Azure tenant

2. Next, define a Connector name, which can be anything, in the provided field and click Register.

Registering the UP Connector
Registering the UP Connector

Below, you can see the connector is being registered.

Viewing the connector registration progress
Viewing the connector registration progress

3. Once registered, search for and select the Universal Print service in the Azure Portal, as shown below, to access the Connectors Overview page.

Navigating to the Universal Print Service portal
Navigating to the Universal Print Service portal

4. Now, click Connectors (left panel) → your newly-registered connector (Printer Serve), which opens its configuration window.

Accessing the connector’s configuration
Accessing the connector’s configuration

5. In the list of Available Printers, tick the box in front of your local printer’s name, and click Register to assign a printer to the connector completely.

Registering a local printer
Registering a local printer

If the registration is successful, the local printer’s name moves in the list of Registered printers, as shown below.

Checking the local registration status
Checking the local registration status

Sharing Printers to Group Members

Now that the printers are connected to the cloud, you can use them as usual. But how about the other members of the group? Worry not. Azure Universal Print lets you share them with other people in the organization.

To share the printers, follow these steps:

1. Navigate to the Universal Print service page again.

Navigating to the Universal Print service portal
Navigating to the Universal Print service portal

2. Next, click Printers (left panel) under the Manage section to see the list of available printers.

Sharing multiple printer devices
Sharing multiple printer devices

3. Tick the boxes in front of all the printers you wish to share to select them, and click Share.

Sharing multiple printers
Sharing multiple printers

But if you only plan to share one printer, click on the printer, and your browser redirects to the page below. In the Overview page, click Share Printer to share the selected printer.

Sharing a single printer device
Sharing a single printer device

4. Now, configure the printer-sharing settings with the following:

  • Share name – Provide a name that other users can find to use the printers.Select member(s) – Select the group to which the printers should be distributed.Click Share Printer to finish your selection.

Setting the sharing parameter
Setting the sharing parameter

Provisioning Printers on Client Devices (Windows)

You have shared the printers successfully with all members (users) in your group. Now all you need is to add the printers on the client devices so other people can securely use the registered printers.

To provision the printers on client devices:

1. Search for add printer in the Windows search bar, and click on Add a printer or scanner, which opens the Printers & scanners settings (step two).

Accessing the printing device manager
Accessing the printing device manager

2. Next, click on Add a printer or scanner to scan for available printers.

Scanning for printers
Scanning for printers

3. Lastly, click Add device in the corner of your desired printer to add to the client.

Adding a printer to a client device
Adding a printer to a client device

Once added, you will see the printer in the list of locally available printers with a Ready status, as shown below.

Checking if the new printer is available
Checking if the new printer is available

Generating Printout Data Reports

From an administrative point of view, getting an overview of the number of printouts made and who made them is often necessary. How? Azure Universal Print lets you generate reports for these printouts.

1. In the Universal Print portal, look for and select Usage and Reports (left panel) under the Monitor section.

Accessing Usage and Reports
Accessing Usage and Reports

2. Next, choose a report type, either Printer Usage Report (last 30 days) or User Usage Report (last 30 days). But in this tutorial, you will generate the User Usage Report. Click on the download icon next to the respective usage report to download the report.

Generating and downloading reports
Generating and downloading reports

3. Once downloaded, open the file to see the report data.

Opening the report file
Opening the report file

As shown below, you will see a clear representation of the executed print jobs on your CSV file viewer, like Microsoft Excel. report

Viewing the downloaded print usage
Viewing the downloaded print usage

Conclusion

In this tutorial, you have discovered how to put your printer infrastructure on a new foundation and turn it into a highly available cloud service by leveraging Azure Universal Print. You have learned how to assign the required licenses in a scalable manner. As a result, you avoid manually assigning licenses to each user — the boring stuff.

You have touched on registering printers of different ages and technical maturity connected to Azure without any problems. Thank goodness using dot matrix printers is still possible.

Now, are you ready to modernize your printing infrastructure? Get rid of your old print servers and print from anywhere at any time with Azure Universal Print!

Hate ads? Want to support the writer? Get many of our tutorials packaged as an ATA Guidebook.

Explore ATA Guidebooks

Looks like you're offline!