Supporting Microsoft's vision for modern, secure cloud services, Universal Print simplifies deployment of a print solution in Zero Trust networks.
Zero Trust is the modern security model that solves some of the complexity of today’s cloud-centered IT environment, enabling organizations to embrace a mobile and hybrid workforce while protecting people, devices, applications, and data wherever they are located.
At the core, a Zero Trust network applies this modern security model and assumes that no device or connection is trusted by default. Instead, each connection needs to be verified, regardless of whether the connection is coming from the Internet or an internal network. Everything can ultimately be breached, and the goal is to minimize and contain the breach.
To learn more about Zero Trust networks, visit the Zero Trust Guidance Center.
Historically, the internal network of an organization has been treated as a fortress and connecting to network devices such as printers did not require much security. Today, many, if not most, network devices such as smart thermostats, TVs, security cameras, and many others, can be managed remotely or connect to the Internet for many reasons. Printers are no different.
Organizations can keep their internal networks safe by following Zero Trust guidelines. Implementing the Zero Trust networking model requires each connection to be validated by an authorization and permission scope. When hackers breach a device, they cannot use it to elevate their access rights or use the device as a jumping point to access other resources. This contains the breach to only what the breached device was originally granted access. With the right services in place, such as Microsoft Defender for Endpoint, a breach can easily be detected and mitigated by removing the device’s access rights and preventing impersonation of the device.
Universal Print is a cloud service that is integrated with Azure AD. Communication between client and the printer flows through the Universal Print cloud service. This architecture enables network isolation of printers, including the Universal Print connector software, from the rest of the organization’s resources.
As shown in the diagram above, Universal Print supports and enables Zero Trust networking as follows:
Universal Print ready printers offer an easy solution when deploying a Zero Trust network. Universal Print ready printers include new printer models and existing printer models running updated firmware. Each printer is assigned an identity by Azure AD when it is registered with Universal Print. The printer uses this assigned identity to authenticate and establish a TLS 1.2 connection to Universal Print. Printer manufacturers register their acting client app with Azure AD with a required set of permission scopes, thereby ensuring that even if a physical printer is breached, its connections to Universal Print cannot elevate access rights beyond what was in the app registration.
Visit https://aka.ms/upintegrations to find a list of Universal Print ready printers. Some printers have upgradeable software and can be upgraded to support Universal Print natively.
Printers that do not have firmware with direct support for Universal Print can be supported using the Universal Print connector software to communicate with Universal Print. Like Universal Print ready printers, these printers are each assigned an identity by Azure AD. The connection between the Universal Print connector and Universal Print cloud service is protected by TLS 1.2 and uses the printer assigned identity for authentication. The permission scope is based on the Universal Print connector’s app registration.
In terms of Zero Trust networking, the key steps in the deployment are:
Note: The Universal Print connector requires appropriate printer drivers to be installed on the host PC. Make sure the printer drivers used are from a trusted source, such as directly from the printer manufacturer or installed through Windows Update.
To learn more about installing the Universal Print connector, see our Universal Print service documentation. Before installing the connector, make sure that you update the firmware for the printers and MFP devices you are using. The list of supported devices that are Universal Print ready is constantly growing.
Universal Print can greatly simplify the print infrastructure of your Zero Trust network deployment and is especially easy when using Universal Print ready printers.