Intune – You can now block printing using non-corporate network printers or non-approved USB printer

Endpoint Configuration Manager / Intune

You can now control which printers your user can print on.

Connect to your Endpoint Configuration Manager portal (https://endpoint.microsoft.com/) and access the Devices\Windows\Configuration profiles blade to create a new custom profile

image  image

Then you need to configure the following OMA-URI to block printing from non approved printers and define the approved printers.

You can configure these OMA-URI for either device level or user level, depending if you want to apply the configuration to devices group or users group.

  • User configuration
    • Block printing from non approved printers
      • OMA-URI: ./Vendor/MSFT/Policy/Config/Printers/EnableDeviceControlUser
      • Value: <enabled/>
    • Define the approved USB printers
      • OMA-URI: ./Vendor/MSFT/Policy/Config/Printers/ApprovedUsbPrintDevicesUser
      • Value: <enabled/><data id=”ApprovedUsbPrintDevices_List” value=”<USB printer VID/PID – like 03F0/0853,0351/0872″/>
  • Device configuration
    • Block printing from non approved printers
      • OMA-URI: ./Vendor/MSFT/Policy/Config/Printers/EnableDeviceControl
      • Value: <enabled/>
    • Define the approved USB printers
      • OMA-URI: ./Vendor/MSFT/Policy/Config/Printers/ApprovedUsbPrintDevices
      • Value: <enabled/><data id=”ApprovedUsbPrintDevices_List” value=”<USB printer VID/PID – like 03F0/0853,0351/0872″/>

NOTE You can add as many as you need using a comma separated format; wildcard is not supported