Microsoft Windows Protected Print (WPP)
Information and Deployment Guide
Version 1.0 | 01/2025
Revision History
| Date | Version | Description | Author |
|---|---|---|---|
| 01/2025 | 1.0 | English Version | KDA Engineering (Mark DeSarno) |
Overview
What is Microsoft Protected Print
Windows Protected Print Mode (WPP) is a secure method to print documents for Windows. WPP utilizes the Internet Printing Protocol (IPP). It's designed to reduce the risk of data breaches by utilizing Windows OS driver technology, eliminating the need for outside third-party drivers and less secure communication ports. Other benefits include:
- All manufacturers utilize the same driver
- Greatly Reduced support and management resources for printer output workflow.
- Printer Drivers updates for functionality and security are automatically applied.
Architecture
If an enterprise decides to move all their printer fleet to WPP printing, all existing printer devices currently installed utilizing 3rd Party drivers that are not Windows Modern Print Stack compliant (WPP, MS Universal Print, Embedded OS) will be automatically removed after the device is set by an administrator to WPP and the PC is restarted.
Listed are some of the Kyocera drivers that will be removed:
- KX Driver
- Kyocera Universal Driver (Full and Type 4)
- PCL Mini Drivers
- KPDL Mini Driver
- Kyocera Network Fax Driver
- PDF Print Drivers (Except Microsoft PDF printer)
Note: Kyocera TWAIN Driver is still operational for scanning.
Windows 11 Accessible Printer Impact
Before enabling WPP
- Kyocera KX & Fax Driver are selectable
- Adobe PDF Print
Description of visual: A list of printer statuses before enabling WPP, showing Kyocera TASKalfa 9003i KX, Kyocera TASKalfa 9003i NW-FAX, and Adobe PDF Print to PDF as 'Ready'.
After enabling WPP and restarting the PC
- Added Devices: WPP TA-9003i
- Added MS Universal Print TA-3554ci
- MS Print to PDF
Description of visual: A list of printer statuses after enabling WPP, showing Kyocera TASKalfa 3554ci KM9DAC98 (with a document waiting), Kyocera TASKalfa 9003i, and Microsoft Print to PDF as 'Ready'.
Enabling WPP on PC and Setup Printer MFP
This section explains how to set up the WPP environment and how to use its functionality.
Administrator Checks
- The Windows 11 OS requires version 24H2 or later installed for the feature.
- Access to the Local Group Policy Editor feature.
- Ensure the print devices can directly communicate to the Windows 11 PC on the network.
Note: Windows 11 22H2 level update will not operate WPP correctly and recovery out of WPP may not be possible. Do not activate WPP if the device is at 22H2.
Prepare the User Windows 11 PC
In order to use WPP, you need to prepare the following environment:
| Item | Name | Description |
|---|---|---|
| 1 | PC | PC's Windows 11 version must be 24H2 or later. |
| 2 | Communication | Ensure the print devices are online and can directly communicate to the Windows 11 PC on the network. |
| 3 | Administration | Requires access to the Local Group Policy Editor feature. |
Enabling WPP
It is recommended that activation is performed by an administrator from the Local Group Policy Editor so end users are not able to accidentally disable it from the settings screen.
To enable WPP, follow these next steps:
Open Local Group Policy Editor
Description of visual: The Local Group Policy Editor window is displayed, showing the navigation pane with 'Computer Configuration' expanded to reveal 'Software Settings', 'Windows Settings', and 'Administrative Templates'. The right pane shows policy categories.
Configuration Steps
Select Administrative Templates
Description of visual: The Local Group Policy Editor is shown, highlighting 'Administrative Templates' under 'Computer Configuration'. The right pane lists policy categories, with 'Printers' selected.
Select Printers
Description of visual: Within the 'Administrative Templates' section, the 'Printers' category is selected. The right pane displays policy settings related to printers, including the option to manage network printer configuration.
Configure Windows Protected Print Setting
Description of visual: The 'Configure Windows protected print' policy setting window is displayed. It shows options for 'Not Configured', 'Enabled', and 'Disabled', along with a description of the setting's purpose and requirements.
Select 'Enabled' then Apply and OK to register the change.
Description of visual: The 'Configure Windows protected print' window shows 'Enabled' selected. The 'Supported on' field indicates 'At least Windows 11 Version 24H2'. The help text explains the functionality and limitations.
After selecting OK, the status will change to Enabled.
Important: The Windows 11 PC requires a restart before adding print devices or errors will occur!
Description of visual: The Local Group Policy Editor is shown again, with the 'Configure Windows protected print' setting now listed as 'Enabled' under the 'Printers' section within 'Administrative Templates'.
Important: The Windows 11 PC requires a restart before adding print devices or errors will occur!
Confirming Windows Protected Print Mode is Enabled
After restarting your Windows 11 PC, to ensure WPP was activated, go to Bluetooth & Devices, then select Printers & Scanners.
Description of visual: The Windows 11 Settings app is shown, navigating to 'Bluetooth & devices'. It lists connected devices and options like 'Add device'. 'Printers & scanners' is highlighted in the left navigation pane.
You will see Windows Protected Print Mode. (Since WPP was set up through Logical Group Policies, users cannot disable the mode from this screen, ensuring WPP compliance.)
Printer Preferences
Windows protected print mode: This feature helps ensure the latest security standard for printer software. Turning this on may limit the availability of some printers using an older default security standard.
Setup the Printer/MFP
Ensure that print devices being configured for WPP are active on the network with an online status and can communicate with the PCs being configured.
(This can be accomplished from the Command Prompt by pinging the printers that will be set up.)
Under "Settings", select Bluetooth & Devices, then Printers & Scanners, then add devices.
Description of visual: The 'Printers & scanners' section of Windows Settings is shown, listing various Kyocera printer models with an 'Add device' button next to each. The option 'Add a printer or scanner' is also visible.
Adding Devices
WPP will scan the network for Print and scan devices to add to the Windows 11 PC.
Description of visual: The 'Printers & scanners' section in Windows Settings is shown, listing various Kyocera printer models (e.g., TASKalfa 9003i, TASKalfa 3554ci) with an 'Add device' button next to each. A specific model, 'Kyocera TASKalfa 9003i', is highlighted with a red box.
Windows will automatically create the Printer, build the driver, and configure the hardware options for the device. The Print Device will appear as the model and host name.
Description of visual: The 'Printers & scanners' list now shows added devices. Examples include 'Kyocera TASKalfa 9003i:KM891107' identified as a 'WPP Printer', and 'Microsoft Print to PDF' as 'MS PDF Print'.
Advanced Features
WPP Windows 11 User Graphics interface for Printer. Default initial screen offerings with Advanced Key output options.
Description of visual: The 'Kyocera TASKalfa 9003i Document Properties' window is shown, with 'Layout' and 'Paper/Quality' tabs. The 'Advanced...' button is highlighted, indicating access to further settings.
Advanced features offer:
- 29 different paper sizes
- All Cassette options
- Copy Counts to 9999
- Color and B&W Print Modes
- Finishing Features:
- Stapling/Hole Punch
- Binding (Booklet)
- Output Trays
- Scaling
Description of visual: The 'Microsoft IPP Class Driver Advanced Options' window is displayed, showing specific settings such as Paper Size (Tabloid), Copy Count (1 Copy), Color Printing Mode (Grayscale), Output Bin (Tray 3), Stapling (Left edge, 2 staples), Document binding (Edge stitch, auto), and Scaling (Fit).
Conclusion
Clients utilizing WPP will require less management of the print system workflow management because of the integration of the printer profiles inside Windows 11.
About KYOCERA Document Solutions America, Inc.
Kyocera Document Solutions America, Inc. (https://usa.kyoceradocumentsolutions.com) is a group company of Kyocera Document Solutions Inc., a global leading provider of total document solutions based in Osaka, Japan. The company's portfolio includes reliable and eco-friendly MFPs and printers, as well as business applications and consultative services which enable customers to optimize and manage their document workflow, reaching new heights of efficiency. With professional expertise and a culture of empathetic partnership, the objective of the company is to help organisations put knowledge to work to drive change.
Kyocera Document Solutions Inc. is a group company of Kyocera Corporation (Kyocera), a leading supplier of semiconductor packages, industrial and automotive components, semiconductor packages, electronic devices, smart energy systems, printers, copiers, and mobile phones. During the year ended March 31, 2023, the Kyocera Group's consolidated sales revenue totalled 2 trillion yen (approx. US$15.1 billion). Kyocera is ranked #672 on Forbes magazine's 2023 "Global 2000" list of the world's largest publicly traded companies, and has been named by The Wall Street Journal among "The World's 100 Most Sustainably Managed Companies."
[For MF communications, please consult with your internal risk or legal teams as to what additional language is appropriate.]
