Windows Protected Print - Everything you know about printing is changing

Printing in Windows has seen little change over the past 25 years since the launch of the V3 printer driver model with Windows 2000. At that time, the goal was to simplify the printing process for users. Introducing "point and print" enabled the installation of printer drivers without requiring local administrator permissions. While this approach benefited users and administrators, it also created vulnerabilities that modern hackers could exploit, resulting in security issues like the "Print Nightmare" flaw. In fact, print-related cases accounted for 9% of all reports to the Microsoft Security Response Center. Something had to change. And it has.

Microsoft introduces Windows Protected Print mode

With Windows Protected Print (WPP), Microsoft is transforming the way printing operates. Once enabled, WPP prevents the installation of any V3 or V4 printer drivers, whether through point-and-print or manual setup. Additionally, any existing V3 or V4 drivers will cease to function. Printing will only be possible with Mopria-certified printers using the Microsoft IPP class driver. Windows Protected Print was introduced with Windows 11 24H2 (released on October 1, 2024) and will also be part of Windows Server 2025. The default setting for WPP is initially disabled, but Microsoft said it would change it to “enabled” in a few years.
Enabling WPP mode is very simple. When going to the regular “Printers & Scanners” section of Windows 11, the option to “Set Up” Windows Protected Print mode is shown to the user.

Enabling WPP mode will break existing printers, so the user has to have local administrator rights to do this. This ensures that IT departments are not overwhelmed with users complaining that printing doesn’t work anymore just because they tried to discover “what does this button do?” It is recommended at the moment that organizations disable Windows Protected Print mode using group policy to avoid the accidental breaking of printing. Only when the organization has confirmed that their printers are compliant with WPP and the functionality of the Microsoft IPP Class driver is good enough for their printing requirements should they look at creating a roll-out plan for WPP.

Where does Mopria fit in?

The Mopria Alliance was founded in 2013 by Canon, HP, Samsung, and Xerox but has since been joined by most leading companies in the worldwide printing and scanning business, such as Adobe, Brother, Lexmark, Konica Minolta, Kyocera, Microsoft, OKI, Ricoh, Toshiba, and many others. The mission is to provide universal standards and solutions for printing and scanning. There are more than 8,500 Mopria-certified printer and scanner models from companies in 24 countries with over 120 million devices in the field. In short, Mopria is the coming together of everyone involved in printing to ensure that printing “just works.”
When WPP is enabled, Microsoft has said only Mopria-certified printers can be installed. As a daughter company of Canon, one of the founding members of the Mopria Alliance, NT-ware has been involved with Mopria for many years, and we have access to all the specifications and certification tools required. uniFLOW Server has been certified by Mopria since 2020.

When will uniFLOW and uniFLOW Online be compatible with Windows Protected Print?

We are currently updating and re-certifying our Mopria compliant service to the latest Mopria specification to get the most extensive support possible from Windows 11 and Windows Protected Print mode. We expect this to be part of the uniFLOW Server 2025 LTS launch scheduled for February 2025. For uniFLOW Online, support will come shortly after.