1 min read

Intune – You can now block printing using non-corporate network printers or non-approved USB printer

You can now control which printers your user can print on.

Connect to your Endpoint Configuration Manager portal (https://endpoint.microsoft.com/) and access the Devices\Windows\Configuration profiles blade to create a new custom profile

image  image

Then you need to configure the following OMA-URI to block printing from non approved printers and define the approved printers.

You can configure these OMA-URI for either device level or user level, depending if you want to apply the configuration to devices group or users group.

  • User configuration
    • Block printing from non approved printers
      • OMA-URI: ./Vendor/MSFT/Policy/Config/Printers/EnableDeviceControlUser
      • Value: <enabled/>
    • Define the approved USB printers
      • OMA-URI: ./Vendor/MSFT/Policy/Config/Printers/ApprovedUsbPrintDevicesUser
      • Value: <enabled/><data id=”ApprovedUsbPrintDevices_List” value=”<USB printer VID/PID – like 03F0/0853,0351/0872″/>
  • Device configuration
    • Block printing from non approved printers
      • OMA-URI: ./Vendor/MSFT/Policy/Config/Printers/EnableDeviceControl
      • Value: <enabled/>
    • Define the approved USB printers
      • OMA-URI: ./Vendor/MSFT/Policy/Config/Printers/ApprovedUsbPrintDevices
      • Value: <enabled/><data id=”ApprovedUsbPrintDevices_List” value=”<USB printer VID/PID – like 03F0/0853,0351/0872″/>

NOTE You can add as many as you need using a comma separated format; wildcard is not supported

Intune – Deploy printers used with Universal Print with Intune/Endpoint Configuration Manager

As you may know, a new service called Universal Print has been released in preview allowing you replacing your on-premises print servers (see ...

Read More

Intune – New security focused policies available in preview

As you know, Intune/Endpoint Configuration Manager allows you to define policies to managed devices configuration and security settings.

Read More

Intune – You can now define update locations for Windows Defender

As you know you can control some settings of Windows Defender through Intune/Endpoint Configuration Manager.

Read More