Intune – You can now block printing using non-corporate network printers or non-approved USB printer

You can now control which printers your user can print on.

Connect to your Endpoint Configuration Manager portal (https://endpoint.microsoft.com/) and access the Devices\Windows\Configuration profiles blade to create a new custom profile

Then you need to configure the following OMA-URI to block printing from non approved printers and define the approved printers.

You can configure these OMA-URI for either device level or user level, depending if you want to apply the configuration to devices group or users group.

• User configuration
• Block printing from non approved printers
• OMA-URI: ./Vendor/MSFT/Policy/Config/Printers/EnableDeviceControlUser
• Value: <enabled/>
• Define the approved USB printers
• OMA-URI: ./Vendor/MSFT/Policy/Config/Printers/ApprovedUsbPrintDevicesUser
• Value: <enabled/><data id=”ApprovedUsbPrintDevices_List” value=”<USB printer VID/PID – like 03F0/0853,0351/0872″/>
• Device configuration
• Block printing from non approved printers
• OMA-URI: ./Vendor/MSFT/Policy/Config/Printers/EnableDeviceControl
• Value: <enabled/>
• Define the approved USB printers
• OMA-URI: ./Vendor/MSFT/Policy/Config/Printers/ApprovedUsbPrintDevices
• Value: <enabled/><data id=”ApprovedUsbPrintDevices_List” value=”<USB printer VID/PID – like 03F0/0853,0351/0872″/>

NOTE You can add as many as you need using a comma separated format; wildcard is not supported