White Paper

Simplifying Azure Virtual Desktop Printing

Introduction

What Is Azure Virtual Desktop?

Azure Virtual Desktop (AVD) is a Microsoft desktop service hosted on Azure. It allows organizations to deliver virtual Windows 10 and 11 desktops to their workforce, regardless of where they’re located. With an internet connection, users can access a secure virtual desktop from a wide variety of supported endpoints such as Windows, Mac, iOS, Android, and HTML5. Organizations can provide a secure and customizable Windows end-user experience or limit access to specific apps.

Market Significance

AVD competes with virtualization providers like Amazon Workspaces, VMware, and Citrix as well as a number of smaller cloud-based competitors. It’s expected to have a significant market impact because it’s a Microsoft service that integrates with other Microsoft solutions. The company offers customers favorable pricing and bundle deals on Azure, Windows, and Office 365 licenses to accelerate adoption of the new virtualization platform.

Azure Virtual Desktop Benefits

Enhanced Data Security
Storing sensitive information in a trusted and secure cloud environment is less risky than distributing that data across user endpoints. It also allows IT and IA teams to focus on securing the data itself, rather than on securing every endpoint it may reside on.
Support for a Wide Range of Endpoints
Endpoint support extends to essentially any device that is capable of running a web browser, including thin clients and mobile devices, providing maximum workforce flexibility and mobility.
Virtualized Office 365 ProPlus, Optimized for Multi-user Sessions
A cost-effective solution for many Microsoft customers with ties to Office 365.
Windows 10 and 11 Enterprise Multi-session
A comparatively easy and cost-effective way for larger organizations to migrate to a Windows 10 and 11 desktop experience.
Unified Management for Desktops and Virtual Applications
IT teams can centrally manage Windows 10 and 11 desktops and Microsoft Virtual Desktops—regardless of endpoint—just as they manage printing in the cloud. By shifting desktop administration to the cloud, organizations gain streamlined control, enhanced security, and simplified management across all devices and platforms.

How Vasion Print Improves the Azure Virtual Desktop Printing Experience

Challenges of AVD Printing and Redirected Printers

AVD faces the same basic printing challenges as other VDI solutions: the user interacts with a virtual computing environment, but network printers are connected to a local network that’s separate from the virtual workspace.

Microsoft’s answer to this challenge is the redirected printer functionality built into AVD or the use of Microsoft Universal Print (UP). Both approaches require organizations to make compromises. UP limits copiers and MFDs to only the most basic functions. It is also only available to Azure Active Directory (AD) users, making it unworkable for hybrid AD/Azure AD environments.

Another commonly referenced challenge to printing in AVD, and the dependence on UP, is the complicated licensing approach that forces cost centers to share printing costs, since it is priced “per user.” This makes it difficult to equitably share print costs between a low-print department, like IT, and a high-print department, like Legal or HR. The situation is further complicated if your Microsoft 365 tier does not include Universal Print, which must then be purchased as an add-on priced per user, per month. This allows you to purchase licenses for only those employees who need to print via the service.

Vasion Print SaaS enhances this core capability by integrating with AVD, eliminating print servers, and streamlining printer and driver deployments, all while maintaining full copier MFD functionality.

Benefits of Managing AVD Printing With Vasion Print

Secure and Flexible Printing Options
Direct IP Printing
Facilitates a straightforward connection between the endpoint and the printer over the local network. No print data is transferred to/from third-party cloud services in order to complete a print job. A job originating in an AVD session goes from Azure to the endpoint over a secure RDS channel and is then handed off to the local printer driver. Finally, it’s processed and printed locally, keeping print traffic behind the organization’s firewall.
Off-Network Printing (ONP)
Provides secure printing for remote users by extending the network’s reach without requiring VPN connections. Print jobs are sent to a secure server (either in the cloud for SaaS instances or on-premise for VA installations). A service client residing within the organization’s network is notified when a job is available, retrieves it from the server, and sends it to the printer for output.
Off-Network Cloud Printing (ONCP)
Helps eliminate on-premise infrastructure by securely storing encrypted print jobs in the cloud until retrieved by an application installed on the printer, reducing complexity while maintaining network security.
Adopting a Zero Trust Network Architecture
In a Zero Trust environment, every device on the network is considered a potential risk. Therefore, users must authenticate their identity each time they access a resource—such as a printer—regardless of previous logins. Most printing solutions do not follow this Zero Trust principle. Instead, they use pull-printing methods that assume the printer is safe for everyone and only require authentication when the job is released.

Vasion’s Off-Network Printing, on the other hand, delivers a true Zero Trust solution. It isolates printers on dedicated networks and requires both certificate-based and user authentication before granting access. Additionally, it can enforce authentication (both user and certificate) when retrieving print jobs. This end-to-end Zero Trust approach enables new printing workflows, such as secure cloud printing or printing from a public network to a private network, all without needing complex firewall rules or VPNs. It also fully integrates with popular Identity Providers (IdPs) like Entra ID.
Integrating with Popular IdPs
Vasion Print supports major IdPs, like Azure AD, to provide enhanced security to your whole print environment. Admins can more easily manage and allow network access to the necessary users with IdPs.
Protecting Documents with Secure Release Printing
Vasion Print can be configured to hold print jobs on the endpoint until the user walks over and releases their job(s) at the printer. This provides additional security for sensitive files so documents can’t be accidentally seen by others, or left abandoned on the output tray.
Enhanced Encryption with Off-Network Printing
Off-Network Printing enhances security by allowing customers to use their own public-private key pair for job encryption. Print jobs remain encrypted from the workstation to the server and are only decrypted by the service client before printing, ensuring data confidentiality even in SaaS environments.
Promoting Sustainability
Consolidate infrastructure and applications with Vasion Print by switching to a cloud-native solution and creating more sustainable print practices for your organization.

How It Works

The following section details the printing process in an Azure Virtual Desktop environment using Vasion Print.
Figure 1. Vasion Print Integration with Azure Virtual Desktops
Installing a Vasion Print Client: On the Vasion Print side, the SysAdmin pushes out the Vasion Print client to the organization’s workstations or thin clients on endpoint OSes like Windows, Mac, Linux, and Chrome. Using the Vasion Print Admin Console, IT can deploy and manage printers and drivers on those endpoints, and print via direct IP without the need for print servers, scripting, or GPOs. The client checks in to the Vasion Print SaaS instance using a TLS connection.


Initiating an Azure Virtual Desktop Session: The user logs in using Microsoft’s Remote Desktop Client (RDC), which resides on their local device. This connects their endpoint to a virtual Windows session in Azure. The RDC handles all necessary credentials and authentication and connects to AVD-published applications or to a Windows 10 or 11 virtual desktop session.


Printing in an AVD session: Printers installed by Vasion Print on the endpoint will appear as redirected printers in the AVD session. The Microsoft client (RDC) serves as the go-between and queries the endpoint’s OS to discover which printers are installed. The RDC then directs AVD to show those printers in the virtual session as redirected printers and gives them the same name with a “redirected” tag. The user picks an available redirected printer and initiates the print job. The Microsoft client then goes to work and compresses the file data, packages it in EMF format, and sends it via secure Microsoft Remote Desktop Services (RDS) protocol to the user’s endpoint.

Once it reaches the local workstation, the print job is uncompressed and handed off to the printer driver managed by Vasion Print, which then processes it as it would any print job. The printer driver renders the file, which is then spooled and sent via direct IP to the designated printer, and the job is printed.
Printing With Web Browser Connections
AVD sessions using Microsoft’s RDC deliver the most functional and intuitive printing experience. However, some organizations have endpoint devices that use an HTML5 browser to spin up a virtual desktop session or app. In this scenario, printing is limited to a virtual PDF printer that’s provided by Microsoft in the session. The file is sent down to the endpoint using the same secure RDS channel, where it can be saved and printed. Vasion Print SaaS offers Mobile Printing to facilitate printing a PDF document for iOS, Android, and Chrome OS devices.

Why Use Vasion Print?

Vasion Print eliminates all print servers from your network environment, replacing them with simple, secure, and efficient centrally managed direct IP printing or Off-Network Printing. Single points of failure are removed, resulting in high availability where printing continues even when the internet is down. Printer and driver deployments are managed centrally using a web-based Admin Console, eliminating the need for troublesome scripting and GPOs.

There are two versions of Vasion Print. One is a true SaaS implementation that eliminates the need for traditional print server infrastructure, hardware resources, licensing, or maintenance. No VPN is required, and customers receive security and uptime service-level agreements. The other is an easily updated Virtual Appliance (VA) print management platform that is quickly deployable in any private cloud environment, including in IL4/IL5 and GCC Moderate/High within AWS or Azure Cloud. Read more about this topic in our Vasion Print Virtual Appliance white paper.

The Vasion Print platform also features location-based printing based on IP address range. If an employee changes locations, printers that are no longer relevant are dropped from the user’s printer menu, and new ones that are close by appear automatically. As a true SaaS and VA platform, Vasion Print’s solution helps users adopt Zero Trust into their print environment, which a conventional print management software cannot del
Microsoft’s Azure Virtual Desktop is a significant opportunity for organizations migrating to a virtualized, cloud-based desktop strategy. It is secure, supports various endpoints, and is especially well suited to the increasingly remote and mobile workforce. Vasion Print SaaS and Virtual Appliance (Vasion’s on-premise deployment) integrate with AVD in a powerful way, ensuring that users always have the redirected printers they need in their virtual sessions. Vasion Print helps IT teams eliminate all print servers and deliver a highly available direct IP printing infrastructure.

If you’re interested in exploring Vasion Print SaaS or VA for your organization, schedule a demo here.