The Universe Isn't Big Enough for the Both of Us (said the Input Bins)

When the GUI fails, summon the MS Graph demon.

Microsoft Intune is great. Microsoft Intune is OK. Microsoft Intune does things, sometimes, after you wait a while. Okay - Intune EXISTS. And you know what Microsoft wishes did not exist anymore? That's right! All of your on-premises systems! Including, of course, print servers.

I have been slowly migrating to "modern" cloud services for the past few years. Now look - most of the cloud systems I use are great, but sometimes they do feel superfluous and/or half baked. That being said, I won't let a half-baked feature stop me from nuking some thrice-baked infrastructure that I'll no longer have to manage. Enter, my friends, the transition from Hybrid-Joined devices to Entra Joined devices. For more on that, see my post that I haven't written yet. I'll do it one day. Maybe.

Long story short, my devices are no longer hybrid-joined, they are only Entra-joined. They can still access on-prem resources via Cloud trust and Windows Hello for Business (link to non-existent blog on that shit). I had a bunch of hurdles to figure out before I could make Entra-joined a reality, and the last one was fucking PRINTING.

Now there are a ton of ways to rig this up, but none as easy as a print server, even with the Microsoft print nightmare curveballs they've wreaked havoc with over the years.

You can write some scripts that install printer drivers and import printer settings, but then again Intune does NOT have a way to run scripts at logon. Why? No fucking clue. You can use scheduled Intune remediation scripts, which are amazing, but you have to be licensed for it (am I? ¯\_(ツ)_/¯). Plus, maintaining said scripts is clunky and way too much work.

You can use highly regarded third-party software like VasionPrint (formerly known as PrinterLogic), but I do not add agents to my devices unless I absolutely have to - one reason being the threat of a supply-chain attack like this one, this one, or this one. Plus, it costs dollars.

Enter, Microsoft Universal Print. Which also costs dollars, but thankfully it is included in Business Premium (and E3 and E5) which I'm already paying for. We do not do a ton of printing, but I do have a few requirements:

  1. No user setup - all printers are available with the correct settings right after login.
  2. Multiple print queues for the same printer with different settings.
  3. Shared PCs with multiple users, all with the same printer installed that automatically prints from a specific tray. These users all print cardstock to a print queue with the correct settings that always prints from the MP tray.

Let's dig into it.


There are a couple of different parts to Universal Print. There is the Universal Print dashboard in the Azure portal, and there is a way to automatically install the printers you set up there via an Intune config. I won't write a step-by-step guide here, as the Microsoft docs are pretty good.

You can add printers either directly in the printer web GUI (if the printer supports it), or you can add unsupported printers via the Universal Print connector. I chose to use my existing print server as a basis to launch the Universal Print rocket. I installed the connector on the server and connected it to Azure. Then I added the printers on the print server into the connector. They showed up in the Azure Universal Print portal, where I created shares for each printer and assigned the shares to the test user group. So far so good. I tested these on a user, and I could add them in the Windows 11 Settings, but they weren't automatically "installed" on the machine.

Requirement #1: All printers automatically installed.

To make these printer shares available automatically, I created the policy in Intune (using the Settings catalog) to provision these printers to the same test user group. No issues at all there. Requirement #1 fulfilled!

Requirement #2: Multiple print queues for the same printer with different settings.

And yes, they actually worked! They printed! We're done! Wait - one of the printers had two queues - one color, and one black & white. Both Universal Print iterations of them came out in color. It looks like the printer settings/defaults do NOT carry over from the driver on your print server to the Universal Print connector. However, in the Azure portal you do get some options to set things, one of which is a color mode:

Setting that on each queue allowed me to replicate my current setup for those printers. Requirement #2, fulfilled!

Requirement #3: Setting a default input tray.

Onward to requirement #3, which is the whole reason I spent any time writing this fucking thing anyway. Do you notice anything missing from the Azure settings above? I see a way to set an output bin, but I could not find any option to set an input bin. I tried a bunch of different types of printers too - no input bin default option was available for any of them. Searching Microsoft's docs and random posts led me to believe that it SHOULD be available. I just want this queue to automatically print to the MP tray (tray 1). What the hell?

I have one printer that supports Universal Print directly on the latest firmware. I updated the firmware on that bitch then wired it up to Universal Print directly without the need for the connector - just to see if that gave me the input bin option. The direct connection worked, but it gave me the same default options as it did when it was hooked up to the connector. Now look - I know the user can set the tray themselves - but I live on reducing the user clicks on everything. They shouldn't have to learn something new for my stupid Entra-join project - they should be able to print their cardstock the same way they have for years - automatically on TRAY 1. I decided to face the demon that is MS GRAPH.

Microsoft Graph

Connect-MgGraph -Scopes "Printer.Read.All", "Printer.ReadWrite.All", "PrintJob.ReadWrite.All"

Connect to the demon with your demon permissions

Get-MgPrintPrinter | Select-Object Id, DisplayName

Find your printer ID.

$printerId = "696969696-2b66-4df2-8c30-69696969696" 
$printer = Get-MgPrintPrinter -PrinterId $printerId -Property Defaults, Capabilities
$printer.Capabilities | fl

Use the printer ID you found and get that shit with all its Defaults and Capabilities.

Well, I'll be goddamned. If it isn't my old fucking friend, Input Bins. Look at all the pretty options we have:

I see tray-1! The current defaults have Input Bin as {}.

Here is the command to set this mother:

Update-MgPrintPrinter -PrinterId $printerId -BodyParameter @{
     defaults = @{
         inputBin = "tray-1"
     }
}

Just to actually check:

$printer = Get-MgPrintPrinter -PrinterId $printerId -Property Defaults, Capabilities
$printer.Defaults | fl

WE COOKIN NOW. Tested a print to this bad boy and it worked. So, if you ever want to set the Input Bin on a Universal Print printer - now you can. Summon the MS Graph demon. Just don't forget to put a salt circle down first so it doesn't escape.
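
The check-set-verify sequence above wrapped into one function, as an added example that is not part of the original post: it refuses any tray the printer does not list under Capabilities, skips the update when the default already matches, and reads the value back afterwards. Set-UPDefaultInputBin is a hypothetical helper name, the InputBins and InputBin property names are assumed from the Graph printerCapabilities and printerDefaults resources, and the single Printer.ReadWrite.All scope is enough for both the read and the update.

```powershell
# Added example, not the post's own code. Set-UPDefaultInputBin is a hypothetical name.
# Printer.ReadWrite.All covers both the read and the update below.
Connect-MgGraph -Scopes "Printer.ReadWrite.All"

function Set-UPDefaultInputBin {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$PrinterId,
        [Parameter(Mandatory)][string]$InputBin
    )

    $printer = Get-MgPrintPrinter -PrinterId $PrinterId -Property Id, DisplayName, Defaults, Capabilities

    # Only accept a bin the printer itself reports (case-sensitive match).
    $supported = @($printer.Capabilities.InputBins)
    if ($supported -cnotcontains $InputBin) {
        throw "'$InputBin' is not reported by '$($printer.DisplayName)'. Available: $($supported -join ', ')"
    }

    # Nothing to do if the default is already right.
    if ($printer.Defaults.InputBin -ceq $InputBin) {
        return [pscustomobject]@{ Printer = $printer.DisplayName; InputBin = $InputBin; Changed = $false }
    }

    # Honors -WhatIf / -Confirm: no write happens unless this returns $true.
    if (-not $PSCmdlet.ShouldProcess($printer.DisplayName, "Set default input bin to '$InputBin'")) {
        return
    }

    Update-MgPrintPrinter -PrinterId $PrinterId -BodyParameter @{
        defaults = @{ inputBin = $InputBin }
    } | Out-Null

    # Read the value back instead of trusting the PATCH.
    $after = (Get-MgPrintPrinter -PrinterId $PrinterId -Property Defaults).Defaults.InputBin
    if ($after -cne $InputBin) {
        throw "Default input bin on '$($printer.DisplayName)' is '$after', expected '$InputBin'."
    }
    [pscustomobject]@{ Printer = $printer.DisplayName; InputBin = $after; Changed = $true }
}

# <printer-id> is a placeholder; use an Id from Get-MgPrintPrinter.
Set-UPDefaultInputBin -PrinterId '<printer-id>' -InputBin 'tray-1' -WhatIf
```

Drop -WhatIf once the dry run names the printer and tray you expect.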