Seamless and secure cloud printing with Universal Print

Feb 26, 2024   |  

Microsoft employee works at their desk in a Microsoft office.
Managing security on internal Microsoft networks extends to universal devices like printers. Universal Print utilizes the Microsoft Azure cloud to bring easy and secure printing to Microsoft employees across the globe.

Microsoft Digital storiesThere are few office tasks that are as ubiquitous—or potentially as frustrating—as needing to print a document. Whatever your role and wherever you are, it’s likely that you’ll need to utilize the shared office printer next time you’re on site. In fact, maybe the sole reason you’re visiting the office is to print something.

Office printing is also a potential network security risk. Between the infrastructure of the Internet of Things and the number of users needing access to these devices, the threat surface is huge. Historically we’ve relied on print servers, virtual private networks (VPNs), and printer drivers to manage users’ access to printing.

But of course, we also know the best modern software technology exists in the cloud. It affords the most security as well as the most savings. Something wasn’t adding up.

A few years ago, we at Microsoft Digital Employee Experience (MDEE)—the organization that powers, protects, and transforms the company—realized that printing, one of the most common tasks that nearly all employees do, was one of the last operations that we had not yet brought to the cloud. It became our vision to change that and bring modern security and seamless access to printers to all employees, in all our offices, across the globe.

“Everyone needs to print something at some time,” says Pete Apple, principal architect and technical program manager in the infrastructure engineering services team within MDEE. “It’s one of those universal things about working in a business. As we upgraded the protocols with nearly everything else in our network, printing remained one of the only things done ‘the old way.’ We realized that this was a common area that needed addressing.”

The path to creating Universal Print, Microsoft’s solution to the needs of modern enterprise cloud printing, has evolved over several years as technology has changed. We’ve trialed, improved, and scaled our solution with the insights gained from utilizing this solution with our own employees.

And we are on the cusp of our next breakthrough in technology and security: eliminating the need for VPNs for office printing.

[Read our earlier blog post on Universal Print where we walk through our early steps to rethink our approach to printing here at Microsoft. Learn how we’re Microsoft’s ‘Customer Zero.’ Learn how we’re doing more with less internally at Microsoft with Microsoft Azure. Learn more about the foundation for modern collaboration: Microsoft 365 bolsters teamwork. Explore a simulated experience of Universal Print.]

The road to simplification: Microsoft as the customer

Wu and Apple pose for individual photos that have been combined into a collage.
Jimmy Wu and Pete Apple were all involved in bringing the Universal Print project to life for employees across the globe.

A significant benefit of being a company as large, complex, and distributed as Microsoft is that we are a fantastic proving ground for new technology. If our teams can build a solution that works for our organization, we know it can work for other enterprises too. We also know that if we are experiencing a pain point, likely others are too. Because of this, we often call ourselves Customer Zero.

When it came to developing a modern solution for the needs of printing, our product groups knew who to turn to. Partnering with us in MDEE enabled the product team to develop Universal Print by testing with and taking feedback from the broad Microsoft team. The product group relied on our expertise with security review, OEM offerings, and first-hand admin feedback.

“With our partnership with MDEE we are able to gain experience as well as verifying the functionality of Universal Print,” says Jimmy Wu, senior product manager with the Universal Print team. “This helps us prove that this technology can scale to meet the needs of an enterprise as large and complex as Microsoft.”

In the last three years, Universal Print has come to eliminate the need for dedicated print servers and printer drivers, two significant headaches for admins and users alike. The one area that we hadn’t solved, until now, was the reliance on VPNs. We won’t be able to fully isolate the network printers from the core of our corporate infrastructure until we make this development.

“Using VPNs meant that every user trying to print something had to directly connect to the same network as the printer, which opens our networks to security threats. It increases the surface area for bad actors to attack,” Wu says.

Now, you send your print job to the cloud and you can “pull it down” to any printer you want, anywhere in the globe. It’s truly a universal system, and you no longer need a direct connection between your computer and the local printer you’re wanting to use. This eliminates the inherent security risk of having both the client computer and the printer on the same VPN network, while unlocking an exciting future for both improved security and an easier printing experience.

All together these changes have also resulted in significant cost savings for Microsoft and significant security and usability improvements. By simplifying our technology and reducing the scale of our infrastructure, we are realizing tens of millions of dollars in savings. This is a win-win outcome that we are all excited about.

Universal Print diagram showing Microsoft Azure Active Directory, Microsoft Intune, Microsoft Graph, and Office Data Storage Services at the center with the browser, Windows, and printers dispersed from there.
How Universal Print works is simple. Once your IT team configures and registers printers in Microsoft Azure Active Directory, they can publish the printers and assign printer access to the appropriate user groups. Users can then easily discover the nearest printer that they have access to, add the printer, and print immediately. Your IT team is able to manage print and receive reports on printer usage.

Zero Trust: scaling security while also improving user experience.

Most employees around the globe these days are working in a hybrid setting, so when they visit one of our offices, we want their experience to be as seamless as possible. We are enabling this modern way of working by moving towards a Zero Trust environment.

Despite the intimidating name, Zero Trust provides smoother access to services for employees by ensuring user access is validated and authorized for each connection regardless of user location. In practice this means that you can easily log on to an on-campus network using the same device and same credentials you use in your home office. The experience is seamless, and the environment is more secure than ever.

This technology allows data to be transferred through secure tunnel connections. From an information security perspective this is now the gold standard for public or semi-public networks. We can further sequester our corporate network, which reduces risk to our core infrastructure. This concept is called least-privileged access, which accounts for more segmentation of users and a default to accessing only the common resources the average team member needs.

While we work towards modern security architectures, we’re also trying to minimize friction for our developers and our employees alike. “We do a real balance there. It’s a continued conversation of how we do better security while also continuing to improve the experience for folks, so it is just seamless,” Apple says.

To further this goal MDEE plans to leverage advances in Universal Print-ready printers supplied by OEM manufacturers which will connect directly to the cloud with their own Zero Trust. This new frontier is emerging through the partnership of Microsoft and manufacturers who are working together to improve printer technology to reduce complexity throughout the printing environment.

Now in 2023 we are in the process of moving all Microsoft end users over to Universal Print. With this solution we are quickly scaling up to support the whole company, worldwide. We’re now able to retire hardware and legacy solutions, and their associated risks. Fundamentally, we are shedding costs while gaining more robust security and better user experience.

Transforming the printing experience for a global workforce

While there are many employees in our headquarters backyard in the Pacific Northwest, the vast majority of our team actually work in field offices all over the globe. Being able to have a printing system that is cloud-based, which can be utilized in all our offices around the world, means a more direct connection to the business for our employees wherever they are. We can ensure that all employees’ experience is much better than it was previously.

Rolling out Universal Print affects every employee of ours and thus it is a critical task to get it right the first time. For our system admins, they now can centrally manage our printing networks and ensure a common way of operating our equipment globally, which for instance reduces printer outages as a central team can diagnose and fix issues quickly. We’ve also removed unnecessary layers of security management by utilizing the inherent, built-in security of Microsoft Azure. Again, this reduction in complexity also results in savings and increased security.

And from the perspective of our end users, we’ve moved to a system where everyone is utilizing the same service, with the same access. This scales and makes life faster for employees. The printing interface is much easier than before, and fewer printer outages getting in the way of your work is always welcome.

We are also looking at new developments right around the corner: employees will soon be able to use their own badges to release the “pull down” printing functionality, adding much-requested scanning features, and enabling admins to have better fleet management of our printers across the globe. Each of these features will further enhance user experience and admin efficiency.

“We’re changing the industry, which makes me very excited,” says Michael Munch, a senior service engineer with MDEE. “It’s not just the same old print story; it’s that we are finally arriving at the day where we can do this thing we’ve only dreamed about. It’s going to save us money, we’re going to be more secure, and it gets us ready for the future with zero-trust networking because the devices themselves will become native cloud devices.”

In essence, we’re seeing a win-win situation and the future is bright. “After presenting our plan for Universal Print the leadership quickly said, ‘Wait, you said it’s cheaper, and it’s more secure?’” says Munch, “Of course, it was a no-brainer to do.”

Key Takeaways

  • Modern enterprise cloud printing is designed to provide modern security and seamless access to all printers for all users. It reduces friction for admins and users while making the enterprise more secure than ever.
  • Zero Trust is an important part of keeping everyone safe and secure. By moving enterprise printing to the cloud, companies can verify user and device identity to reduce risk and keep the environment productive.
  • Universal Print eliminates the need for dedicated print servers and printer drivers, which are significant headaches for admins and users alike. And by using Universal Print’s entire feature set MDEE will soon eliminate the inherent security risks of VPNs.

Related links

Tags: , , , , ,