{"id":10457,"date":"2024-02-26T08:00:43","date_gmt":"2024-02-26T16:00:43","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=10457"},"modified":"2024-02-26T11:08:25","modified_gmt":"2024-02-26T19:08:25","slug":"seamless-and-secure-cloud-printing-with-universal-print","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/seamless-and-secure-cloud-printing-with-universal-print\/","title":{"rendered":"Seamless and secure cloud printing with Universal Print"},"content":{"rendered":"

\"MicrosoftThere are few office tasks that are as ubiquitous\u2014or potentially as frustrating\u2014as needing to print a document. Whatever your role and wherever you are, it\u2019s likely that you\u2019ll need to utilize the shared office printer next time you\u2019re on site. In fact, maybe the sole reason you\u2019re visiting the office is to print something.<\/p>\n

Office printing is also a potential network security risk. Between the infrastructure of the Internet of Things and the number of users needing access to these devices, the threat surface is huge. Historically we\u2019ve relied on print servers, virtual private networks (VPNs), and printer drivers to manage users\u2019 access to printing.<\/p>\n

But of course, we also know the best modern software technology exists in the cloud. It affords the most security as well as the most savings. Something wasn\u2019t adding up.<\/p>\n

A few years ago, we at Microsoft Digital Employee Experience (MDEE)\u2014the organization that powers, protects, and transforms the company\u2014realized that printing, one of the most common tasks that nearly all employees do, was one of the last operations that we had not yet brought to the cloud. It became our vision to change that and bring modern security and seamless access to printers to all employees, in all our offices, across the globe.<\/p>\n

\u201cEveryone needs to print something at some time,\u201d says Pete Apple, principal architect and technical program manager in the infrastructure engineering services team within MDEE. \u201cIt\u2019s one of those universal things about working in a business. As we upgraded the protocols with nearly everything else in our network, printing remained one of the only things done \u2018the old way.\u2019 We realized that this was a common area that needed addressing.\u201d<\/p>\n

The path to creating Universal Print, Microsoft\u2019s solution to the needs of modern enterprise cloud printing<\/a>, has evolved over several years as technology has changed. We\u2019ve trialed, improved, and scaled our solution with the insights gained from utilizing this solution with our own employees.<\/p>\n

And we are on the cusp of our next breakthrough in technology and security: eliminating the need for VPNs for office printing.<\/p>\n

[Read our earlier blog post on Universal Print where we walk through our early steps to rethink our approach to printing here at Microsoft.<\/a> <\/em>Learn how we\u2019re Microsoft\u2019s \u2018Customer Zero.\u2019<\/em><\/a> Learn how we\u2019re doing more with less internally at Microsoft with Microsoft Azure.<\/em><\/a> Learn more about the foundation for modern collaboration: Microsoft 365 bolsters teamwork.<\/em><\/a> Explore a simulated experience of Universal Print.<\/em><\/a>]<\/em><\/p>\n

The road to simplification: Microsoft as the customer<\/h2>\n
\"Wu
Jimmy Wu and Pete Apple were all involved in bringing the Universal Print project to life for employees across the globe.<\/figcaption><\/figure>\n

A significant benefit of being a company as large, complex, and distributed as Microsoft is that we are a fantastic proving ground for new technology. If our teams can build a solution that works for our organization, we know it can work for other enterprises too. We also know that if we are experiencing a pain point, likely others are too. Because of this, we often call ourselves Customer Zero.<\/a><\/p>\n

When it came to developing a modern solution for the needs of printing, our product groups knew who to turn to. Partnering with us in MDEE enabled the product team to develop Universal Print by testing with and taking feedback from the broad Microsoft team. The product group relied on our expertise with security review, OEM offerings, and first-hand admin feedback.<\/p>\n

\u201cWith our partnership with MDEE we are able to gain experience as well as verifying the functionality of Universal Print,\u201d says Jimmy Wu, senior product manager with the Universal Print team. \u201cThis helps us prove that this technology can scale to meet the needs of an enterprise as large and complex as Microsoft.\u201d<\/p>\n

In the last three years, Universal Print has come to eliminate the need for dedicated print servers and printer drivers, two significant headaches for admins and users alike. The one area that we hadn\u2019t solved, until now, was the reliance on VPNs. We won\u2019t be able to fully isolate the network printers from the core of our corporate infrastructure until we make this development.<\/p>\n

\u201cUsing VPNs meant that every user trying to print something had to directly connect to the same network as the printer, which opens our networks to security threats. It increases the surface area for bad actors to attack,\u201d Wu says.<\/p>\n

Now, you send your print job to the cloud and you can \u201cpull it down\u201d to any printer you want, anywhere in the globe. It\u2019s truly a universal system, and you no longer need a direct connection between your computer and the local printer you\u2019re wanting to use. This eliminates the inherent security risk of having both the client computer and the printer on the same VPN network, while unlocking an exciting future for both improved security and an easier printing experience.<\/p>\n

All together these changes have also resulted in significant cost savings for Microsoft and significant security and usability improvements. By simplifying our technology and reducing the scale of our infrastructure, we are realizing tens of millions of dollars in savings. This is a win-win outcome that we are all excited about.<\/p>\n

\"Universal
How Universal Print works is simple. Once your IT team configures and registers printers in Microsoft Azure Active Directory, they can publish the printers and assign printer access to the appropriate user groups. Users can then easily discover the nearest printer that they have access to, add the printer, and print immediately. Your IT team is able to manage print and receive reports on printer usage.<\/figcaption><\/figure>\n

Zero Trust: scaling security while also improving user experience.<\/h2>\n

Most employees around the globe these days are working in a hybrid setting, so when they visit one of our offices, we want their experience to be as seamless as possible. We are enabling this modern way of working by moving towards a Zero Trust environment.<\/p>\n

Despite the intimidating name, Zero Trust provides smoother access to services for employees by ensuring user access is validated and authorized for each connection regardless of user location. In practice this means that you can easily log on to an on-campus network using the same device and same credentials you use in your home office. The experience is seamless, and the environment is more secure than ever.<\/p>\n

This technology allows data to be transferred through secure tunnel connections. From an information security perspective this is now the gold standard for public or semi-public networks. We can further sequester our corporate network, which reduces risk to our core infrastructure. This concept is called least-privileged access, which accounts for more segmentation of users and a default to accessing only the common resources the average team member needs.<\/p>\n

While we work towards modern security architectures, we\u2019re also trying to minimize friction for our developers and our employees alike. \u201cWe do a real balance there. It\u2019s a continued conversation of how we do better security while also continuing to improve the experience for folks, so it is just seamless,\u201d Apple says.<\/p>\n

To further this goal MDEE plans to leverage advances in Universal Print-ready printers supplied by OEM manufacturers which will connect directly to the cloud with their own Zero Trust. This new frontier is emerging through the partnership of Microsoft and manufacturers who are working together to improve printer technology to reduce complexity throughout the printing environment.<\/p>\n

Now in 2023 we are in the process of moving all Microsoft end users over to Universal Print. With this solution we are quickly scaling up to support the whole company, worldwide. We\u2019re now able to retire hardware and legacy solutions, and their associated risks. Fundamentally, we are shedding costs while gaining more robust security and better user experience.<\/p>\n

Transforming the printing experience for a global workforce<\/h2>\n

While there are many employees in our headquarters backyard in the Pacific Northwest, the vast majority of our team actually work in field offices all over the globe. Being able to have a printing system that is cloud-based, which can be utilized in all our offices around the world, means a more direct connection to the business for our employees wherever they are. We can ensure that all employees\u2019 experience is much better than it was previously.<\/p>\n

Rolling out Universal Print affects every employee of ours and thus it is a critical task to get it right the first time. For our system admins, they now can centrally manage our printing networks and ensure a common way of operating our equipment globally, which for instance reduces printer outages as a central team can diagnose and fix issues quickly. We\u2019ve also removed unnecessary layers of security management by utilizing the inherent, built-in security of Microsoft Azure. Again, this reduction in complexity also results in savings and increased security.<\/p>\n

And from the perspective of our end users, we\u2019ve moved to a system where everyone is utilizing the same service, with the same access. This scales and makes life faster for employees. The printing interface is much easier than before, and fewer printer outages getting in the way of your work is always welcome.<\/p>\n

We are also looking at new developments right around the corner: employees will soon be able to use their own badges to release the \u201cpull down\u201d printing functionality, adding much-requested scanning features, and enabling admins to have better fleet management of our printers across the globe. Each of these features will further enhance user experience and admin efficiency.<\/p>\n

\u201cWe’re changing the industry, which makes me very excited,\u201d says Michael Munch, a senior service engineer with MDEE. \u201cIt’s not just the same old print story; it’s that we are finally arriving at the day where we can do this thing we\u2019ve only dreamed about. It’s going to save us money, we’re going to be more secure, and it gets us ready for the future with zero-trust networking because the devices themselves will become native cloud devices.\u201d<\/p>\n

In essence, we\u2019re seeing a win-win situation and the future is bright. \u201cAfter presenting our plan for Universal Print the leadership quickly said, \u2018Wait, you said it’s cheaper, and it’s more secure?\u2019\u201d says Munch, \u201cOf course, it was a no-brainer to do.\u201d<\/p>\n

\"Key<\/p>\n