Hybrid Cloud Printing Via AzureAD Is Here

https://www.youtube.com/watch?v=Bvt1L--lqE4

I've talked to a lot of schools and system integrators about using AzureAD and Microsoft Intune to manage their devices more efficiently, particularly with the announcement in 2017 of the release of Intune for Education. One of the final pieces of the cloud puzzle has been released this month with the announcement of hybrid cloud printing with AzureAD joined devices.

Here are some important links to get started:

From the official announcement:

Hybrid Cloud Print is built on top of the Windows Print Server role, so it supports traditional domain-joined devices in addition to Azure AD joined devices. Best of all, your existing printer management scripts, tools, reports, and procedures will continue to work as is. And it’s secured by Azure Active Directory, so you and your users still benefit from features like multi-factor authentication, identity protection and single sign-on (SSO).

My Thoughts:

This is an important step towards encouraging schools and system integrators to start using Mobile Device Management tools such as Intune in combination with AzureAD, as the ability to deliver a cloud printing service remains a critical feature request from schools. With this announcement there are six new policy CSP settings in Intune to support hybrid cloud printing; they tell the client device where the IIS service endpoints are and which Azure tenant information to authorize against.

It's important to recognise that this remains a hybrid cloud solution, as it still requires on-premises servers running the Discovery Service and Windows Print Service via IIS endpoints. Here is a possible deployment:

[Diagram: possible Hybrid Cloud Print deployment]

The diagram shows:

  • Hybrid Cloud Print using Azure Active Directory as the user identity provider.
  • Windows Print service and Discovery service endpoints are registered with Azure Active Directory to enable the client device to retrieve the required user authentication token to use against these services.
  • An MDM service, such as Microsoft Intune, provisions the client device with policies needed to connect Azure Active Directory to Windows Print service and Discovery service.
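As an added example (not from the original post or from Microsoft), this Python check audits the six settings before an MDM profile is published, since they decide where the device signs in and which service receives its token. The setting names are those of the EnterpriseCloudPrint area of the Policy CSP, which the post does not list; the validation rules and all sample values are assumptions made for illustration.

```python
import re
from urllib.parse import urlparse

# The six settings in the EnterpriseCloudPrint area of the Policy CSP.
REQUIRED = (
    "CloudPrinterDiscoveryEndPoint", "CloudPrintOAuthAuthority",
    "CloudPrintOAuthClientId", "CloudPrintResourceId",
    "DiscoveryMaxPrinterLimit", "MopriaDiscoveryResourceId",
)
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def _clean(value):
    return "" if value is None else str(value).strip()


def is_https_url(value):
    parts = urlparse(value)
    return parts.scheme == "https" and bool(parts.hostname)


def audit_cloud_print_policy(settings):
    """Return a list of findings; an empty list means nothing was flagged."""
    present = {k: _clean(v) for k, v in settings.items() if _clean(v)}
    findings = [f"{name}: not set" for name in REQUIRED if name not in present]
    # Sign-in and token traffic goes to these URLs, so require TLS (assumed rule).
    for name in ("CloudPrinterDiscoveryEndPoint", "CloudPrintOAuthAuthority"):
        if name in present and not is_https_url(present[name]):
            findings.append(f"{name}: must be an https:// URL")
    client_id = present.get("CloudPrintOAuthClientId")
    if client_id and not GUID.fullmatch(client_id):
        findings.append("CloudPrintOAuthClientId: not a GUID")
    limit = present.get("DiscoveryMaxPrinterLimit")
    if limit and not (limit.isdigit() and int(limit) > 0):
        findings.append("DiscoveryMaxPrinterLimit: not a positive integer")
    return findings


# Constructed sample values: tenant ID, client ID and host names are placeholders.
GOOD = {
    "CloudPrinterDiscoveryEndPoint": "https://discovery.example.edu/mcs",
    "CloudPrintOAuthAuthority":
        "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000",
    "CloudPrintOAuthClientId": "11111111-1111-1111-1111-111111111111",
    "CloudPrintResourceId": "https://print.example.edu/CloudPrint",
    "DiscoveryMaxPrinterLimit": 20,
    "MopriaDiscoveryResourceId": "https://discovery.example.edu/CloudPrint",
}
BAD = dict(GOOD, CloudPrinterDiscoveryEndPoint="http://discovery.example.edu/mcs",
           CloudPrintOAuthClientId="printer-app")
del BAD["MopriaDiscoveryResourceId"]
```
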

The school's AzureAD subscription needs to be Premium (P1 or P2). In New Zealand, this is included in the National Schools Agreement between Microsoft and the Ministry of Education. This provides a further compelling reason for organisations to base their identity on Azure AD.

Comments

  • Anonymous
    January 03, 2019
    Is there any news about the integration with Server 2019? Setting up Hybrid Cloud Printing in Server 2016 is a challenge and if you managed to set it up, the options are limited.
    • Anonymous
      January 06, 2019
      Hi Marc, I'm not sure, sorry - hopefully some good news on this front soon!