Windows 11 gets new Protected Print Mode (WPP) to ditch printer drivers

Microsoft introduces new code stack to modernize and make printing more secure on Windows 11.

Windows Protected Print Mode policy
Windows Protected Print Mode policy
  • Windows Protected Print Mode moves away from legacy print drivers.
  • The new print stack is more secure and streamlined.
  • The only caveat is that it only works with Mopria-certified printers.

Microsoft is finally modernizing the print system for Windows 11 and future releases with the new “Windows Protected Print Mode” (WPP) that aims to bring more security and a new implementation that moves away from traditional printer drivers.

The Windows Protected Print Mode is a new code stack that allows printers to connect to Windows 11 and work without installing third-party drivers. It just works. In addition, and perhaps more importantly, it’s a technology that enhances the security of the printing process. It works by isolating the print spooler and settings from the rest of the operating system, which, in turn, makes it more difficult for malicious individuals to exploit vulnerabilities and compromise your computer.

The protected print mode blocks third-party print drivers, which can be a source of vulnerabilities, which means that only drivers that Microsoft has digitally signed can be used in the operating system. As a result, only Mopria-certified printers (which have undergone rigorous security testing) are supported.

The new stack is available as a preview on Windows 11 build 26016 in the Canary Channel, and by default, it’s not enabled, meaning that the operating system doesn’t have any restrictions, and you can install any printer. However, after turning on WPP, you can only set up Mopria-certified printers.

If you have a Mopria printer, you have to enable the printer stack manually on Local Group Policy > Computer Configuration > Administrative Templates > Printers by setting the “Configure Windows protected print” to “Enabled.”

According to Microsoft, there are a few reasons for this new stack implementation. The primary reason is that printers have been through a number of attacks, and better security was needed. Perhaps the most recognized was the so-called “Print Nightmare,” which was a bug that allowed the installation of drivers remotely and permitted the attacker to gain system privileges.

Second, the printing system on Windows has been virtually the same for more than two decades, and modernization of the stack was overdue.

Compatibility is another aspect that Microsoft wanted to tackle, and even though this approach doesn’t support most older printers and has some limitations, it’s setting up a new framework to make future devices more compatible and secure.

It’s important to note that this implementation is in the early stages. In the future, the company plans to build an interface to manage the feature and continue improving the security of the new print stack.

About the author

Mauro Huculak is a Windows How-To Expert who started Pureinfotech in 2010 as an independent online publication. He has also been a Windows Central contributor for nearly a decade. Mauro has over 15 years of experience writing comprehensive guides and creating professional videos about Windows and software, including Android and Linux. Before becoming a technology writer, he was an IT administrator for seven years. In total, Mauro has over 21 years of combined experience in technology. Throughout his career, he achieved different professional certifications from Microsoft (MSCA), Cisco (CCNP), VMware (VCP), and CompTIA (A+ and Network+), and he has been recognized as a Microsoft MVP for many years. You can follow him on X (Twitter), YouTube, LinkedIn and About.me. Email him at [email protected].