During my trainings, you’ll often hear me say that it no longer makes sense to join your company’s portable devices to your on-premises Active Directory. These devices are usually used outside the company’s environment, so they never or rarely contact your Domain Controllers.
A common good practice is to join them to Azure AD and control them using MDM and Conditional Access policies. But what happens when a user needs to print to an on-premises printer?
This is now possible with the Hybrid Cloud Print feature. People in your organization can use Azure AD-joined devices to discover on-premises printers, and can print from work, from home, or from anywhere else they can connect to the internet.
Hybrid Cloud Print is built on top of the Windows Print Server role, so it supports traditional domain-joined devices in addition to Azure AD-joined devices. Best of all, your existing printer management scripts, tools, reports, and procedures will continue to work as is. And it’s secured by Azure Active Directory, so you and your users still benefit from features like multi-factor authentication, identity protection and single sign-on (SSO).
Once deployed, the print discovery and installation experience will be familiar to your users.
Hybrid Cloud Print consists of two new IIS service endpoints:
- Printer Discovery service
- Windows Print service
There are also six new MDM policies to configure and manage Hybrid Cloud Print. These tell the client device where the IIS service endpoints are and which Azure tenant information to authorize against.
To get started, take a look at the Hybrid Cloud Print overview and follow the deployment guide.
I also suggest taking a look at the Ignite presentation about this topic.
Thanks for your time!