by Contributed | Feb 11, 2021 | Technology
This article is contributed. See the original author and article here.
UniPrint Infinity is the print management solution of the Process Fusion’s Digital Process Automation platform.
UniPrint Infinity integrates with Universal Print by extending its abilities by allowing Print-to-Physical with Secure Release & Print-to-Digital for Process Automation.
With UniPrint Infinity and Universal Print, Microsoft 365 users can print to a “Print-to-Physical Release” queue for password authentication and release at a later time.; They can also send documents into our “Print-to-Digital Workflow” queue which will digitize its content for document processing.
UniPrint Infinity is a device and network agnostics (“DNA”) solution in which print jobs can be sent from Windows and Mac computers, mobile devices such as Android/iOS phones and tablets, and Chromebooks.
How does it work?
UniPrint Infinity Print-to-Physical-Release and Print-to-Digital-Workflow queues are made available by the UniPrint InfinitySend Agent as cloud printers to Azure Active Directory users with a Microsoft 365 subscription.; Users can then simply add these printers from Windows Settings->Devices->Printers & scanners->Add printer, or the administrator can push down printers to any user or group within the organization.
Once the cloud printers are created (no driver is installed) on the user’s device the user simply prints seamlessly like they are normally accustomed to.; Once they press ‘Print’, the job is spooled into the Azure Cloud then routed into the UniPrint Infinity system as a secure PDF/XPS file.
Diagram illustrating how the UniPrint solution interacts with Universal Print
Output to physical
If the user prints to the Print-to-Physical-Release queue, the user can then release their jobs from any mobile device using UniPrint Infinity release apps or physical release device (vPad Pro and MFP Embedded App) to the printer of their choice. All the secure release methods support Microsoft Azure AD authentication to ensure the user has a secure and straightforward experience.
Output to digital
If the user prints to the Print-to-Digital-Workflow queue, they send their job to be digitized for process automation.; The Print-To-Digital feature allows the capture, auto-classification and data extraction of a digital print job using Microsoft Machine Learning and A.I. platform for process automation.;; The result is reducing the error and labor cost associated with manual document processing and accelerate the digital transformation of any paper-centric business processes.
To learn more about additional features and functionality, please visit UniPrint Infinity.
by Contributed | Feb 11, 2021 | Technology
This article is contributed. See the original author and article here.
Hi everyone and welcome to chapter 14 of 2020! It’s been a little while since we talked about standards for passwordless so we’re excited to tell you about some new enhancements and features in FIDO2 land that you’ll start seeing in the wild in the next few months!
Specification Status
The Web Authentication API (WebAuthn) Level 2 specification is currently a Candidate Recommendation at the W3C. “Level 2” essentially means major version number 2.
The version 2.1 of the Client to Authenticator Protocol (CTAP) specification is a Release Draft at the FIDO Alliance. This means the spec is in a public review period before final publication.
These new draft versions are on their way to becoming the next wave of FIDO functionality (as of the writing of this blog, we support Level 1 of WebAuthn and CTAP version 2.0). We think you might want to hear about what we think is especially fun about WebAuthn L2 and CTAP 2.1.
Enterprise Attestation (EA)
Enterprise Attestation is a new feature coming as part of WebAuthn L2 and CTAP 2.1 that enables binding of an authenticator to an account using a persistent identifier, similar to a smart card today.
FIDO privacy standards require that a “a FIDO device does not have a global identifier within a particular website” and “a FIDO device must not have a global identifier visible across websites”. EA is designed to be used exclusively in enterprise-like environments where a trust relationship exists between devices and/or browsers and the relying party via management and/or policy. If EA is requested by a Relying Partying (RP) and the OS/browser is operating outside an enterprise context (personal browser profile, unmanaged device, etc), the browser is expected to prompt the user for consent and provide a clear warning about the potential for tracking via the persistent identifier being shared.
Authenticators can be configured to support Vendor-facilitated and/or Platform-managed Enterprise Attestation. Vendor-facilitated EA involves an authenticator vendor hardcoding a list of Relying Party IDs (RP IDs) into the authenticator firmware as part of manufacturing. This list is immutable (aka non-updateable). An enterprise attestation is only provided to RPs in that list. Platform-managed EA involves an RP ID list delivered via enterprise policy (ex: managed browser policy, mobile application management (MAM), mobile device management (MDM) and is enforced by the platform.
Spec reference:
CTAP 2.1 – Section 7.1: Enterprise Attestation
WebAuthn L2 – Section 5.4.7: Attestation Conveyance Preference
Authenticator Credential Management and Bio Enrollment
Credential Management is part of CTAP 2.1 and allows management of discoverable credentials (aka resident keys) on an authenticator. Management can occur via a browser, an OS settings panel, an app or a CLI tool.
Here’s an example of how the Credential Management capability is baked into Chrome 88 on macOS (chrome://settings/securityKeys). Here I can manage my PIN, view discoverable credentials, add and remove fingerprints (assuming the authenticator has a fingerprint reader!) and factory reset my authenticator.
Clicking on “Sign-in data” shows the discoverable credentials on the authenticator and allows me to remove them. This security key has an Azure AD account and an identity for use with SSH.
Bio Enrollment allows the browser, client, or OS to aid in configuring biometrics on authenticators that support them. This security key has one finger enrolled. I can either remove the existing finger or add more.
Here’s an example of authenticator credential management via a CLI tool, ykman from Yubico.
Spec references:
CTAP 2.1 – Section 5.8: Credential Management
CTAP 2.1 – Section 5.7: Bio Enrollment
Set Minimum PIN Length and Force Change PIN
CTAP 2.1 allows an RP to require a minimum PIN length on the authenticator. If the existing PIN does not meet the RP’s requirements, a change PIN flow can be initiated.
An authenticator can also be configured with a one-time use PIN that must be changed on first use. This is an additional layer of protection when an authenticator is pre-provisioned by an administrator and then needs to be sent to an end user. The temporary PIN can be communicated to the end user out of band. We see this being used in conjunction with Enterprise Attestation to create a strong relationship between an authenticator and a user.
Spec reference:
CTAP 2.1 – Section 7.4: Set Minimum PIN Length
Always Require User Verification (AlwaysUV)
AlwaysUV is part of CTAP 2.1 and allows the user to configure their authenticator to always prompt for user verification (PIN, biometric, etc), even when the Relying Party does not ask for it. This adds an extra layer of protection by ensuring all credentials on the authenticator require the same verification method.
Spec reference:
CTAP 2.1 – Section 7.2: Always Require User Verification
Virtual Authenticator DevTool
This one is not tied to updates of either specification but we love it and wanted to share! Chrome and Edge (version 87+) now include a virtual authenticator as part of DevTools. It started as a Chromium extension back in 2019 and is now native! Oh, and the code is on Github!
It is a great tool for testing, debugging and learning! Try it with one of the awesome WebAuthn test sites: Microsoft WebAuthn Sample App, WebAuthn.io, Yubico WebAuthn Demo.
To access the tool, open Developer Tools ( F12 or Option + Command+ I ), click the Menu icon on the top right (…) then More tools and WebAuthn.
Enabling the virtual authenticator environment will allow you to create a new authenticator by picking a protocol (CTAP2 or U2F), transport (USB, Bluetooth, NFC or internal), resident key (discoverable) and user verification support.
As new credentials are created, you’ll see them listed and the sign count will increase as the credential is used.
Want to know more? Here’s an amazing blog by Nina Satragno from the Chrome team over at Google who created this amazing DevTool!
How we built the Chrome DevTools WebAuthn tab
Wrap Up
That rounds out the major features we believe will have the most impact. Here’s a few other enhancements and features that are important to mention!
If you’d like to hear more about any of these enhancements/features (or anything else identity related, let’s be honest), leave us a note :backhand_index_pointing_down: in the comments.
Thanks for reading!
Tim Cappalli | Microsoft Identity | @timcappalli
by Contributed | Feb 11, 2021 | Technology
This article is contributed. See the original author and article here.
Digital transformation has been with us for some years, but with the global pandemic, it has quickly become an urgent reality for many organizations. With the various lockdowns around the globe, companies suddenly had to adjust their business processes and enable workers to work from home (WFH) while others are in the office. IT professionals must ensure printing is still secure when supporting a hybrid workforce.
The market movement towards cloud has accelerated rapidly during the COVID-19 pandemic and Kyocera believes Universal Print will play an integral part in the new normal.
Microsoft 365 brings together Office, Enterprise Mobility + Security, and Windows 10 Enterprise to empower people with the most innovative productivity tools. Universal Print is a new innovative technology that delivers a flexible printing environment using a cloud-based service that is part of Microsoft 365.
Universal Print is a multi-tenant, cloud-based modern print service. It moves printing to the cloud by removing the need for the on-premises print servers and Active Directory domain controllers that have been traditionally necessary for printing. Instead, Universal Print uses Azure Active Directory (Azure AD) and enables IT administrators to share printers across their organization, regardless of where the end users are located. It also adds key functionality such as security groups for printer access, location-based printer discovery, and a comprehensive administrator experience.
Kyocera believes that Universal Print will accelerate the transition to a cloud-based print infrastructure as organizations look to deliver an efficient, secure and cost-effective print environment that supports today’s rapidly evolving hybrid workplace. Kyocera is working with Microsoft to offer integration with the Universal Print service on selected Kyocera devices for organizations to manage their print infrastructure through Microsoft 365 cloud services. This integration should be complete in early 2021.
Ultimately, Universal Print can be an effective tool in helping to support the printing needs of the hybrid workplace, providing remote workers with a secure way to submit print jobs either to home office printers or to any office location. Universal Print is a good answer to enterprises that are limiting their dependency on on-premises servers (including print servers),and want a more centralized approach to print management. This will help to better control costs, and reduce IT complexity as it relates to printers.
After the general availability of Universal Print, Kyocera will begin releasing new devices that natively support the platform without needing the proxy connector, and offer firmware updates for existing devices. The shift to native Universal Print will allow realizing an even more tightly integrated and seamless user and administrator experience. We believe Universal Print is certainly the way forward as organizations navigate the new demands on their traditional print infrastructure.
Kyocera looks forward to continuing the journey with Microsoft as the market continues the adoption of Universal Print.
by Contributed | Feb 11, 2021 | Technology
This article is contributed. See the original author and article here.
Hi everyone,
We are considering replacing the Lab Account experience with a slightly different concept in the future. Please help us name this new concept by taking a quick 3-minute survey: https://www.surveymonkey.com/r/79MJ8GN
The survey will describe the new concept and the naming options.
We’d love to hear any feedback on how the different term options influence your perspective of what this new concept does.
Thank you!
by Contributed | Feb 11, 2021 | Technology
This article is contributed. See the original author and article here.
At Printix, we designed and built our cloud print management platform from the ground up as a Microsoft Azure hosted solution.
Our aim is to transform traditional print management, allowing organizations of any size to benefit from the flexibility, productivity, cost savings and sustainability contributions offered by a modern workplace printing solution.
To help end-customers achieve this we embrace a cloud first, mobile first strategy; simplify and automate print related admin tasks; turn big data into actionable insights to obtain better decisions for companies; and offer the entire package as the first Print Management as a Service business model with usage-based pricing.
We support Universal Print by Microsoft as a hand in glove solution embracing common objectives of modern workplace print management.
Integrate Universal Print with Printix
Organizations running Universal Print can extend the capabilities with support for all current printers and multifunction devices along with additional printing capabilities.
- Direct print. Keep documents local and ensure print availability if Internet is down.
- Secure document release with Printix App to print when and where you want from any smartphone, tablet, or computer to any printer.
- Secure document release with Printix Go. Integrates with your printer’s touchscreen control panel, offering secure print release, copy control, card-based authentication and more.
- Mobile Printing from iOS and Android
- Google Workspace and Chromebook support for mixed environments.
- Windows Virtual Desktop, Citrix or RDS support.
Additionally, the Printix solution can benefit Universal Print users by delivering:
- Support for Windows, Mac and Chrome OS as well as Android and iOS/iPadOS
- Leverage Printix’s proven solution to translate printer capabilities from printer vendor specific drivers to Universal Print printer attributes
- Support for Mac with native driver print
How it works
Microsoft Graph API integration connects Printix and Universal Print to a single managed cloud service with extended features, security, management, and reporting.
Integration is Key
In successfully partnering as a co-sell ready Microsoft ISV for several years now, Printix continues to support Microsoft and its channel partners with tightly integrated solutions. Supporting Universal Print is the latest in a long line of Microsoft integrations provided by Printix including:
Recent Comments