Today we are discussing on a new topic Device Control Printing Restrictions Policy using Intune. As you all know, Microsoft Intune is a cloud service and it has many features and one of its features is Setting Catalog. Setting catalog provides a list of policies that are very helpful for organizations to manage their user’s productivity and security also efficiencies.
You know device control for printing restrictions are very crucial for enhancing security and reducing costs. Also Its aim is to prevent unauthorized printing of sensitive and confidential documents of organization and with this minimizing the risk of data.
By default, there are no restrictions on printing for users can freely print documents using any available printer, whether connected via USB, network, Wi-Fi, or even personal printers outside of the corporate network. This is Sometimes very crucial and affecting security issues.
With this policy administrators can ensure that all printing activities can be traced to authorized individuals. It covers all types of printing devices, including network printers, multifunction printers, and locally connected USB printers.
Table of Contents
What Happens if the Device Control Printing Restrictions Setting is Enabled on a Device?
If the Device Control Printing Restrictions setting is enabled, the computer will restrict printing only to printers that are connected through the corporate network or are approved USB-connected printers. This prevents users from printing to unauthorized printers.
Device Control Printing Restrictions Policy – CSP Details
Above we discussed a lot of things about Device Control Printing Restrictions Policy. When we discuss this policy, we have to know about its CSP details. Configuration Service Providers (CSPs) enable Intune to manage Windows device settings by allowing remote configuration changes through the Windows Registry.
| Property name | Property value |
|---|---|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
- Enable Disable Prevent Adding New Printers Policy using Intune
- Prevent Users From Installing Printer Drivers using Intune
- How to Create Intune Settings Catalog Policy
Create a Profile
To deploy a policy in Intune, start by logging into the Microsoft Intune admin center. Navigate to Devices > Configuration profiles > Create profile. Then, click “Create” which will open a new window titled Create a Profile in that window you must enter the Platform as Windows 10 and later.
- Set the Profile Type to Settings Catalog.
- Then Click the Create button to proceed.
Basics
The Basics step is very important. In this step, you need to enter the basic details of the policy. Provide a Name for the policy. This is essential, as it will help you easily identify the policy later in the list of configuration policies. Enter a Description for the policy to explain its purpose. The Platform details are set by default, so you don’t need to make any changes there.
- Here I gave the name as Device Control Printing Restrictions.
- Click on the Next.
Configuration Settings – Settings Picker
The next step is Configuration Settings, which is a very important part of the process. In this tab, you can add specific settings to the policy. To do this, first click on the Add Settings option and it will open a new window called Settings Picker. In the search bar, type Administrative Templates, then select Printers from the results.
- Once you click on Printers, you will see a list of available policy settings.
- From this list, select Enable Device Control Printing Restrictions.
Disable – Device Control Printing Restrictions
When you select Enable Device Control Printing Restrictions in the Settings Picker, you can then close the Settings Picker window. You will now be back on the Configuration Settings page. Here, you will notice that the policy is disabled by default.
| Enable | Disable |
|---|---|
| If you enable this setting, the computer will restrict printing to printer connections on the corporate network or approved USB-connected printers. | If you disable this setting or don’t configure it, there are no restrictions to printing based on connection type or printer Make/Model. |
Enable – Device Control Printing Restrictions
You can easily Enable Device Control Printing Restrictions on the Configuration Settings page. By default, the setting is disabled. To enable it, toggle the switch from left to right. When you do this, the toggle will turn blue, indicating that the setting is now enabled. After that, click Next to continue.
Scope Tags
In Intune, the Scope Tags feature helps to manage policy access. Although scope tags enhance organization and access control, they’re not required. You can move forward by selecting Next without adding any scope tag to the policy.
Assignments
The next step is the Assignments tab, which is crucial for deploying the policy. In this section, you’ll specify the group that the policy should apply to. Start by clicking Add Groups under the Include Groups section. A list of available groups will be displayed. Select the one you want to assign the policy to.
After making your selection, the group will be added to the list of assignments. Once you’ve reviewed and confirmed your selections, click Next to proceed.
Review + Create
Review + Create is the final stage of policy creation. In this step, you will see a summary of all the details, including Basics, Configuration Settings, Assignments, and more. You can review all the information, and if anything needs to be changed, you can go back to the previous steps and edit them easily.
In the Review + Create section, you will see a Create button. This is a very important step, as clicking this button will finalize and create the policy. Once you click Create, you will receive a notification confirming that the policy has been successfully created.
Device – Check in Status
After the policy is created, the main concern is whether it has been successfully deployed. Typically, it can take up to 8 hours for the policy to apply. This is the minimum waiting period. However, you can manually sync the policy through the Company Portal, which helps to apply the policy more quickly. To check if the policy has been successfully deployed;
- Sign into the Microsoft Intune Admin Center.
- Navigate to Devices > Configuration Policies.
- In the Configuration Policies list, look for the policy you created.
- Click on the policy to view its deployment status and details.
- This will show whether the policy has been successfully assigned and applied. You can refer to the screenshot below.
Client-Side Verification
To get the client-side verification, open the Event Viewer and navigate to Applications and Services Logs > Microsoft > Windows > Device Management > Enterprise Diagnostic Provider > Admin. Once there, you can search for specific policy results by using the Filter Current Log feature located in the right pane. This helps quickly get the relevant results within the log.
- You can look the 813 and 814 event ID for the results.
- I get the result from the 814 event ID.
| Policy Details |
|---|
| MDM PolicyManager: Set policy string, Policy: (EnableDeviceControl), Area: (Printers), EnrollmentiD requesting merge: (B1E9301C-8666-412A-BA2F-3BF8A55BFA62), Current User: (Device), String: (), Enrollment Type: (0x6), Scope: (0x0). |
Remove Group of Device Control Printing Restrictions
Intune makes it easy to remove a policy from your tenant. To do this, go to the Configuration tab, open the policy, and click the Edit button under the Assignment tab. Then, click the Remove button to delete the policy from this section.
For detailed information, you can refer to our previous post – Learn How to Delete or Remove App Assignment from Intune using by Step-by-Step Guide.
Delete Device Control Printing Restrictions
To delete the Device Control Printing Restrictions Policy, First go to the Devices > Configurations section in Intune. In the Policy section, use the search bar to look for “Printing Restrictions Policy”. Once you get the policy in the list, click the 3-dot menu next to it and select Delete from the available options to remove the policy from your tenant.
For more information, you can refer to our previous post – How to Delete Allow Clipboard History Policy in Intune Step by Step Guide.
Need Further Assistance or Have Technical Questions?
Join the LinkedIn Page and Telegram group to get the latest step-by-step guides and news updates. Join our Meetup Page to participate in User group meetings. Also, Join the WhatsApp Community to get the latest news on Microsoft Technologies. We are there on Reddit as well.
Author
Anoop C Nair has been a Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22+ years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Windows, Entra, Microsoft Security, Career, etc.