Microsoft Gives Guidance for Setting Up Hybrid Cloud Printing
Microsoft recently gave an overview of how to set up Hybrid Cloud Print, a Windows Server 2016 feature that can tap Azure Active Directory to enable printing for bring-your-own-device Windows 10 clients and domain-joined Windows 10 clients.
Hybrid Cloud Print only works with Windows 10 Fall Creators Update 1709 clients (or higher) or Windows 10 S clients, according to a Microsoft article.
When enabled, Hybrid Cloud Print permits printing in an organization from a device located anywhere via an Internet connection. Microsoft had announced back in February that the Hybrid Cloud Print capability was ready for commercial use, commenting that "up until now, there has never been a good way to print to a corporate printer from an Azure AD joined device."
Tapping cloud-based printing using the Azure AD service may sound like a gift from on high, but it's presently a chore to set up. Trouble on that front was had by none other than Windows deployment luminary Michael Niehaus, now a principal program manager on the modern deployment team at Microsoft. He described the setup process for Hybrid Cloud Print in this blog post last Wednesday.
Niehaus had followed Microsoft's estimated 20- to 25-step process to get Hybrid Cloud Print going but, in the end, he admitted that "it didn't work at all."
Instead, he pointed to setup steps offered by Microsoft Most Valuable Professional Zeng ("Sandy") Yinghua in this January SCConfigMgr post as something that actually did work to enable Hybrid Cloud Print. He said he followed most of her steps exactly, with a couple of exceptions.
Yinghua's setup used Azure AD Pass-Through Authentication to support the Hybrid Cloud Print capability. Azure AD Pass-Through Authentication is a more simplified means of enabling single sign-on access for end users than trying to configure the Active Directory Federation Server role of Windows Server 2016. However, Niehaus recommended using another option for the Hybrid Cloud Print setup, namely using Azure AD Pre-Authentication, which ensures that "the user is authenticated before the traffic passes through the proxy."
Alas, that's one approach that Yinghua admitted she couldn't get working.
"I have tried pre-auth mode many times, but I didn't get it [to] work," Yinghua noted in the comments section of her blog post, dated March 6.
When Hybrid Cloud Print does get successfully set up, end users access it normally using the Printers and Scanners screen in Windows 10. They'll see a new "Search for cloud printers option" and the actual printer icon they'll get when it's set up will be a little different. It will show a little cloud image adjacent to the printer icon. Microsoft also claims that after Hybrid Cloud Print is set up, an organization's existing scripts and tools will continue to work with it.
Microsoft had earlier described the Hybrid Cloud Print feature in this September Ignite conference session. Jimmy Wu, a senior program manager at Microsoft, said the feature was Microsoft's "first steps into addressing these marketing needs" of enabling printing for non-domain-joined devices. He said back then that the feature permitted organizations to use their existing assets as-is. It enables single sign-on access and the use of existing print service infrastructure, and it permits printing while away from the corporate network, he added.
Wu offered the following slide during his talk, which offers considerations on how organizations might opt to use the Hybrid Cloud Print capability:
Hybrid Cloud Print, in addition to requiring newer Windows 10 clients, has a number of other Microsoft product dependencies. Windows Server 2016 is a requirement. Organizations need to have an Azure AD Premium subscription, according to Yinghua. Wu noted that organizations must have a mobile device management (MDM) service in place, which can be either Microsoft Intune or other services such as VMware's AirWatch or MobileIron. An MDM service is needed because MDM management policies need to be configured for client devices to use Hybrid Cloud Print.
The setup for Hybrid Cloud Print using Windows Server 2016 is involved, as Niehaus explained. However, he offered a hopeful quip at the end of his post, saying that "with any luck, this [setup process] will be integrated into Windows Server 2019." Microsoft has previously suggested that Windows Server 2019 will commercially arrive in the second half of this year.
There are alternatives to Microsoft's Hybrid Cloud Print approach. Organizations can use Easy Print with Remote Desktop Services when using Windows Server 2016, although that approach has some limitations, according to this Redmond article by Microsoft MVP Adam Bertram. Other possibilities include the use of UniPrint Infinity, Parallels RAS Universal Printing or Citrix and VMware offerings, according to Bertram.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.