Key Takeaways
- Enforces secure printer communication by requiring IPPS with TLS encryption.
- Prevents installation of IPP printers that do not support secure IPPS connections.
- Helps improve organizational security by protecting printer data in transit.
- Can be configured and deployed centrally across devices using Microsoft Intune.
Hey, let's discuss Secure Printer Installations with Intune by Allowing only IPPS Printers using TLS. This policy setting determines whether communication with printers that use the Microsoft IPP Class Driver must use IPPS, which secures the connection with TLS encryption. When this setting is enabled, only IPP printers that support IPPS can be installed, so printer communication is always encrypted.
Secure Printer Installations with Intune by Allowing only IPPS Printers using TLS
If this setting is disabled or left unconfigured, the system allows the installation of IPP printers that do not support IPPS. In this case, printers can communicate using standard IPP without TLS encryption, which may offer broader compatibility but does not guarantee secure communication.
How to Create a Profile
First, sign in to the Microsoft Intune Admin Center. Go to Devices and select Configuration. Then click the Create down arrow and select New Policy.

Profile Creation in a Policy
This is the next step in policy creation. In profile creation, you must select the platform and profile type. Here, I configure the policy for the Windows 10 and later platform with the Settings catalog profile type. Then click the Create button.

Basic Tab for Name and Description
To begin configuring a policy in Intune, start with the Basics step. Here, we can add the name of the policy (Require Ipps Policy) and give a brief description (not mandatory). Click Next to continue.

Configuration Settings
The Configuration Settings tab gives you access to the Settings Picker. On this tab, click the +Add Settings hyperlink to open it. The Settings Picker shows a huge number of settings. Here, I search for the setting name (Require Ipps Policy), open the Printers category in the results, and select the setting.

Disable Ipps Policy
Once you have selected Require Ipps Policy and closed the Settings Picker, you will see it on the Configuration page. By default, it is set to Disabled. If you want to continue with that value, click the Next button.

Enable Ipps Policy
To enable this policy, toggle the Require Ipps Policy button from left to right. Then click Next to proceed.

What is Scope Tag
In Intune, Scope Tags are used to control who can view and modify a policy. They function as a tool for organisation and access management, but assigning one is optional, so you can skip this section. Click Next if scope tags are not required for your setup.

Assignments Tab for Selecting Group
In the Assignments tab, you choose the users or devices that will receive the policy. Click Add Group under Include Group, select the group that you want to target (HTMD – Test Policy), and then click Next to continue.

Finalising this Policy
Before completing the policy creation, review each tab to avoid misconfiguration or policy failure. After verifying all the details, click the Create button. After the policy is created, you will get a success message stating that Require Ipps Policy has been created successfully.

Monitoring Status
To view a policy’s status, go to Devices > Configuration in the Intune portal, select the policy (such as Require Ipps Policy), and check that the status shows Succeeded (1). Use manual sync in the Company Portal to speed up the process.

Client Side Verification
To confirm if a policy has been applied, use the Event Viewer on the client device. Go to Applications and Services Logs > Microsoft > Windows > Device Management > Enterprise Diagnostic Provider > Admin. From the list of policies, use the Filter Current Log option and search for Intune event 813.
MDM PolicyManager: Set policy int, Policy: (RequireIppsPolicy), Area: (Printers), EnrollmentID
requesting merge: (EB427D85-802F-46D9-A3E2-D5B414587F63), Current User: (Device), Int: (0x1),
Enrollment Type: (0x6), Scope: (0x0).

Configuration Service Provider (CSP)
The Policy Configuration Service Provider (CSP) is a feature used by organisations to manage and control settings on Windows 10 and 11 devices. It explains what each policy does, what settings or values can be used, and how it connects to older Group Policy settings (Group Policy Mapping details).
Description Framework Properties:
| Property Name | Property value |
|---|---|
| Format | int |
| Access Type | Add, Delete, Get, Replace |
| Default Value | 0 |
Allowed Values:
- 0 (Default) – Disabled
- 1 – Enabled
Group policy mapping:
| Name | Value |
|---|---|
| Name | RequireIppsPolicy |
| Friendly Name | Require IPPS for IPP printers |
| Location | Computer Configuration |
| Path | Printers |
| Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers\IPP |
| Registry Value Name | RequireIpps |
| ADMX File Name | Printing.admx |
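
The client-side check above can be scripted. The following PowerShell is an added example, not code from the original post: it looks for event 813 entries naming RequireIppsPolicy and reads the registry value from the Group policy mapping table. It assumes the standard channel name of the Admin log shown in Event Viewer and that the MDM-delivered value may not be mirrored to the Group Policy registry location, so the event result is treated as the primary signal.

```powershell
# Added example: run in an elevated PowerShell session on the managed device.
# Registry path and value name come from the Group policy mapping table above.
$regPath   = 'HKLM:\Software\Policies\Microsoft\Windows NT\Printers\IPP'
$valueName = 'RequireIpps'
# Assumed channel name for the "Enterprise Diagnostic Provider > Admin" log.
$logName   = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'

function Get-RequireIppsRegistryState {
    # Returns 'Enabled', 'Disabled' or 'NotConfigured' for the policy registry value.
    $item = Get-ItemProperty -Path $regPath -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ([int]$item.$valueName -eq 1) { return 'Enabled' }
    return 'Disabled'
}

function Get-RequireIppsPolicyEvent {
    # Returns event 813 entries for RequireIppsPolicy, newest first,
    # with the integer that was applied (parsed from "Int: (0x1)").
    param([int]$MaxEvents = 500)
    $filter = @{ LogName = $logName; Id = 813 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'RequireIppsPolicy' } |
        ForEach-Object {
            $value = $null
            if ($_.Message -match 'Int:\s*\((0x[0-9A-Fa-f]+)\)') {
                $value = [Convert]::ToInt32($Matches[1], 16)
            }
            [pscustomobject]@{ TimeCreated = $_.TimeCreated; Value = $value }
        }
}

$latest   = Get-RequireIppsPolicyEvent | Select-Object -First 1
$registry = Get-RequireIppsRegistryState

# IPPS is treated as enforced only when the most recent policy event set the value to 1.
[pscustomobject]@{
    LastEvent813Time  = $latest.TimeCreated
    LastEvent813Value = $latest.Value
    RegistryState     = $registry
    IppsEnforced      = ($latest.Value -eq 1)
}
```

If no matching event is returned, the device has not yet processed the policy or the log has rolled over; sync the device and run the check again.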

How to Remove Assigned Group from this Policy
If you need to remove a group from a policy assignment for security updates, open the policy from the Configuration tab and click the Edit button. Then click the Remove button. Click Review + Save after making the changes.
For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.

How to Delete this Policy from Intune
If you want to delete this policy for any reason, you can do it easily. First, search for the policy name in the configuration section. When you find the policy name, click the 3-dot menu next to it and tap the Delete option.
For more information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.

Author
Anoop C Nair has been Microsoft MVP from 2015 onwards for 10 consecutive years! He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is also a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.

