Hey, let’s learn how to Control Least Privilege App Container Sandbox for Printing Services in Edge Browser using Intune. This policy controls the use of the LPAC Sandbox for printing services in Microsoft Edge. When it is enabled or left unset, printing services run in a secure environment. If disabled, printing may run in a weaker setup, which can lower security.
The importance of this policy is that it improves safety and reliability. Organisations benefit by reducing risks when employees print documents. Users also stay protected while performing normal printing tasks.
This policy is mainly used in Microsoft Edge for printing needs. Organisations use it to protect their devices and networks from possible threats. It is especially useful in workplaces handling sensitive or confidential information.
A real-life example is an office where staff print invoices, reports, or contracts daily. With the policy enabled, printing happens safely inside the sandbox. Without it, printing could expose the system to security risks.
Table of Contents
What are the Advantages of Enabling this Policy using Intune?
Enabling this policy has clear security and performance advantages. It keeps printing services inside the LPAC Sandbox, which prevents attacks from exploiting weaker configurations. This helps protect both users and organisations while keeping printing safe and reliable.
1. Helps improve system and browser security.
2. Provides safe printing services inside Microsoft Edge.
3. Protects organisations from potential malware attacks.
4. Improves user confidence and reliability in daily printing tasks.
5. Reduces risks when handling sensitive or confidential documents.
Control Least Privilege App Container Sandbox for Printing Services in Edge Browser using Intune
When this policy is not enabled, printing services may work in a weaker sandbox. This weaker setup can create security gaps in Microsoft Edge. As a result, both users and organisations face higher risks while printing.
When this policy is enabled, printing services run in the stronger LPAC Sandbox. This improves protection against malware and other threats. It also ensures documents are printed safely without harming the system.
- Enable Disable Sets Layout for Printing in MS Edge using Intune Policy
- Block Network Printing Restrictions using Intune Settings Device Control Printing Restrictions
- Enable Disable Device Control Printing Restrictions Policy using Intune
Create a Profile
Begin by logging into the Microsoft Intune admin center. Subsequently, proceed to Devices . Within the Devices section, select Configuration. In the Configuration area, you will find an option to generate a New Policy. Click on it.
A fresh window will emerge, labeled Create Profile. Within this particular section, you are required to specify the platform as Windows 10 and later, and then select the Profile Type as Settings Catalog. Following this, click Create to continue
Basic Step
After creating profile, the subsequent action is to input the basic details. This typically involves providing the name, description, and platform information. We can specify the name (Enable Printing LPAC Sandbox) of the policy and offer a concise description. To proceed, click Next.
Configuration Settings
Within this tab, you will find an option to Add Settings. Proceed to click on it. Upon clicking, a new window, referred to as Settings Picker, will emerge. Within the Settings Picker window, you are required to choose the category and setting.
| Category | Setting |
|---|---|
| Microsoft Edge\Printing | Enable Printing LPAC Sandbox |
You are now able to close the Settings Picker window. After closing it, you will be directed back to the Configuration Settings page. On this page, you will observe that the policy is configured to Enable or Disable. By default Printing LPAC Sandbox Policy is Disabled. Then click Next to continue.
Enable Printing LPAC Sandbox
If we Enable or configure this policy, you can Enable the Printing LPAC Sandbox policy by toggling the switch. After reviewing or adding more settings, you can click the Next button to proceed.
Scope Tags
The scope tag is not mandatory, so you can skip this section. It functions as a tool for organisation and access management, but assigning it is optional. Click Next if they’re not required for your setup.
Assignments
In the Assignments tab, you choose the users or devices that will receive the policy by clicking Add Group under Include Group, select the group that you want to target(e.g Test_HTMD_Policy) and then click Next to continue.
Final Step
In this section, you will find a summary encompassing all the information you provided in the preceding steps, including basic details, configuration settings, assignment details. We click Create to finish, and a notification confirms that the Enable Printing LPAC Sandbox created successfully.
Device and User Check-in Status
To ascertain the status of a policy, navigate to Devices > Configuration within the Intune portal. Then, choose the relevant policy (such as Enable Printing LPAC Sandbox ), and confirm that its status indicates Succeeded (1). For a quicker process, utilize manual sync in the Company Portal.
Client Side Verification
To confirm if a policy has been applied, use the Event Viewer on the client device. Go to Applications and Services Logs > Microsoft > Windows > Device Management > Enterprise Diagnostic Provider > Admin. From the list of policies, use the Filter Current Log option and search for Intune event 814.
MDM PolicyManager: Set policy string, Policy (PrintinqLPACSandboxEnabled) Area:
(microsoft_edqev129~Policy~microsoft_edqe~Printing), EnrollmentID requesting merqe:
(EB427D85-802F-46D9-A3E2-D5B414587F63), Current User: (Device), Strinq: (),
Enrollment Type: (0x6), Scope: (0x0).
How to Remove Assigned Group from Printing LPAC Sandbox
If you want to remove the specific group that you previously selected, you can easily do that. First, go to Devices > Configuration policies. In the Configuration policy section, search and select the policy, for example, Enable Printing LPAC Sandbox. In the Assignment section, you will find an Edit option and click Remove option. Then, click the Review+ Save option.
For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
How to Delete Printing LPAC Sandbox Policy from Intune Portal
First, search for the policy name(Enable Printing LPAC Sandbox) in the configuration section. When you find the policy name, you will see a 3-dot menu next to it. Click on the 3 dots, then click the Delete button.
For detailed information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.