Enhancing Microsoft Universal Print with Celiveo 365: Adding Card Readers to Printers
Microsoft Universal Print has revolutionized the way organizations manage their printing infrastructure by moving key functionalities to the cloud. This modern, cloud-based solution eliminates the need for on-premises print servers, simplifies printer management, and enhances compatibility with virtual desktops like Windows 365 and Azure Virtual Desktops.
However, while Universal Print provides a robust foundation for cloud printing, many enterprises require additional features—such as secure user authentication via card readers—to meet their security and operational needs. This is where Celiveo 365 steps in, seamlessly extending Universal Print’s capabilities by integrating card reader support on compatible printers. Here’s how it works and why it matters.
The Role of Celiveo 365 in Microsoft Universal Print
Celiveo 365 is a native Azure Software-as-a-Service (SaaS) application designed to complement Microsoft Universal Print. It builds on Universal Print’s cloud infrastructure by adding advanced print management features, including secure pull printing, AI-powered Data Loss Prevention, advanced detailed Power BI usage tracking, and, notably, user authentication through card readers. This extension is particularly valuable for enterprises that prioritize document security and need to ensure that only authorized users can access print jobs or multifunction printer (MFP) functionalities.
One of Celiveo 365’s standout features is its ability to integrate card readers into supported printers, enabling a seamless and secure authentication process. This capability leverages from the Zero-Trust-Access architecture, that Celiveo employs, ensuring that every commnication between the printer and Azure and Universal PRint is verified usng a certificate chain and encrypted, safeguarding sensitive documents in a public cloud-based environment.
The Role of Card Readers in Secure Printing
In traditional printing environments, securing access to printers and sensitive documents often relies on physical authentication methods like card readers. These devices allow users to swipe or tap a contactless card (e.g., RFID like Mifare, DESFire, HID or Legic, NFC-enabled ID badges or NFC mobile) to authenticate themselves at the printer before releasing print jobs or accessing MFP functions like copying and scanning. This process, often paired with pull printing (where jobs are held in the cloud until released by the user), ensures that documents are only printed when the authorized user is physically present, reducing the risk of sensitive information being left unattended at the printer.
Microsoft Universal Print, while secure in its cloud transmission and integration with Microsoft Entra ID, does not natively support card reader authentication on printers. Celiveo 365 bridges this gap by adding this critical functionality, making it an ideal solution for industries like healthcare, finance, and education, where data security is paramount.
How Celiveo 365 Adds Card Reader Support to Universal Print
Celiveo 365 integrates card readers into the Universal Print ecosystem through a combination of its intelligent printer agent and cloud-based management tools. Here’s a step-by-step explanation of how it works:
1 – Printer Compatibility and Hardware Setup
Celiveo 365 supports a wide range of printers and MFPs from leading manufacturers including HP FutureSmart (FS3 to FS5), Lexmark eSF, Ricoh SOP (2.0/2.5/3.0), Fujifilm Apeos (7.2 and newer), and Xerox VersaLink/AltaLink models. To enable card reader functionality, a compatible card reader must be physically installed on the printer. Celiveo supports many standard card readers available on the market such as HID Omnikey, Elatec or RFIdeas, which can be purchased separately and connected to the printer via USB or other supported interfaces.
2 – You can use any LAN printer with Microsoft Universal Print, even the many that are not compatible with it
Printers that are not compatible with Microsoft Universal Print or don’t support USB card readers can be used seamlessly with Microsoft Universal Print using the Celiveo 365 Universal Printer Endpoint service, the card reader and badges are replaced by the user NFC mobile providing both Entra-ID authentication and print jobs selection for release. The printer screen is deported to the NFC phone, no app is required to allow BYOD usage, iOS and Android are supported and print jobs benefit from dual data encryption from the Cloud with Zero-Trust-Access certificate-based authentication.
3 – Celiveo Intelligent Printer Agent communicates with Azure and Universal Print
The core of Celiveo 365’s functionality lies in its intelligent agent, which runs directly on supported printers. This agent communicates securely with Universal Print and Azure, handling tasks like job decryption, user authentication, and printer interaction. When a card reader is attached, the agent is configured to recognize it and process authentication requests when a card is swiped. The agent processes card data locally at the printer level using a High Availablity encrypted cache of SHA2 user ID, ensuring very fast performance and reducing reliance on constant cloud communication—critical for high-availability scenarios. Printers that do not support the printer agent can benefit from the Universal Printer Endpoint described above.
4 – User Authentication with Cards against Entra ID for Universal Print follow-me, MFP walkup access control
When a user approaches a printer and taps their contactless card on the reader, the Celiveo 365 agent reads the card’s unique identifier (e.g., an RFID tag or employee ID number). This identifier is converted to a SHA2 securely matched against the user’s profile linked ot the Microsoft Entra ID profile, which Celiveo 365 integrates with natively. If the user is authenticated, they gain access to their pending print jobs or other MFP functions (e.g., copying or scanning), depending on the organization’s configured policies.
5 – Advanced Pull Printing Integration inside Microsoft Universal Print
Celiveo 365 enhances Universal Print with advanced secure pull printing, where print jobs are held in Azure until the user authenticates at the printer. After card authentication, the agent running inside the printer retrieves the encrypted print jobs from Universal Print using a unique high-speed, dual encryption communication channel, displays the print job list and details, allows to change settings like forcing to B&W or multicopy, then decrypts them locally, and releases them to the printer engine. This ensures that documents are only printed when the authorized user is present, adding an extra layer of security. Print speed and security are also improved as documents do not use the rather slow IPP protocol to reach the printer from Azure, but a low latency direct TCP communication getting the AES256-GCM-encrypted print jobs from Microsoft Universal Print queue. Celiveo also adds post-processing support such as staping and punching, powerful print rules to control who can print what, from preventing printing a 300 pages document on a small printer to AI-based Data Loss Prevention (DLP). DLP analyzes print jobs pages to detect information that should never be printed such as PII and PHI, Personally Identifiable Information and Protected Health Information.
6 – Simplified Administrator Configuration for mass deployment of Microsoft Universal Print
IT administrators manage the card reader setup through the Celiveo Web Admin portal, a centralized, web-based interface meant to manage easily thousands of printers. It includes the Universal Print queues management, providing a unified management portal, and tehre is no need to register printers in InTune or Universal Print. Here, they can add automatically printers, create, configure and edit Microsoft Universal Print queues, configure authentication rules, define print rules and assign printer access permissions. The portal integrates deeply with Universal Print and Microsoft Entra ID for SSO and group-based rules, allowing admins to streamline deployment and ensure compliance with organizational security policies.
7 – High Availability and Offline Support keep productivity high during network outage
A key feature of Celiveo 365 is its high-availability design. Even if the internet connection drops, the Celiveo printer agent caches cards and PIN SHA2 and authenticate locally, allowing card-based authentication to continue functioning for basic tasks like copying.
Benefits of Card Reader Integration in Universal Print with Celiveo 365
- Universality: Celiveo allows to support any LAN printer with IPP2.0 support, even those that do not support card readers. It means you can easily use Universal Print on all your printers, without the enrollment pain and compatibility issues.
- Enhanced Security: Card-based authentication ensures that only authorized users can access print jobs, reducing the risk of data breaches, and benefit from standard AI-DLP, Data Loss Prevention capablity powered by AI.
- Compliance: Meets regulatory requirements for industries needing strict access controls and audit trails.
- Convenience: Users can authenticate quickly with existing ID cards, eliminating the need for separate PINs or manual logins, and that authentication also controls copy, email, scan functions on multi-function printers
- Cost Efficiency: Eliminates the need for on-premises servers or gateways, remove all print-related software and agents on PC, leveraging Universal Print’s cloud infrastructure.
- Scalability: Supports organizations with diverse printer fleets, from modern MFPs to legacy IPP-compatible devices, using Celiveo 365, an elastic SaaS built on PaaS
Practical Use Case
Doctor in Hospital using Microsoft Universal Print and card readers
Conclusion
Celiveo 365 transforms Microsoft Universal Print into a robust, enterprise-ready solution by adding many features such as card reader support for secure, user-authenticated printing. Through its intelligent printer agents, cloud-based management, AI-DLP and seamless integration with Azure and Entra ID, Celiveo 365 bridges the gap between Universal Print’s simplicity and the advanced security needs of modern organizations. For businesses looking to eliminate print servers, eliminate print agents on PC, enhance document security, and streamline workflows, this combination offers a powerful, future-proof printing solution.
As of 2025, Celiveo 365 continues to evolve, supporting an expanding range of printers and authentication methods, making it an ideal partner for Microsoft Universal Print in the cloud-first era.
Mary Woodcock
Celiveo
List of card types read by the card readers for Microsoft Universal Print supported by Celiveo 365
information is provided as a courtesy only. Contact card readers manufacturers and resellers for validation as restrictions may apply or options may be required to read specific cards. More information here.
| Authentication Card Type | Supported |
|---|---|
| Apple™ wallet ID (iOS) | ✓ |
| AWID | ✓ |
| aptiQ™ MIFARE® CSN | ✓ |
| Bosch ReadyKey Pro UID | ✓ |
| Cardax UID | ✓ |
| CASI-RUSCO | ✓ |
| CDVI | ✓ |
| CEPAS CAN* | ✓ |
| Corbin Russwin® UID | ✓ |
| Cotag* | ✓ |
| Deister UID* | ✓ |
| DESFire CSN | ✓ |
| DIGITAG | ✓ |
| Dimpna UID* | ✓ |
| EM 410× (4100, 4102, 4105, 4200) | ✓ |
| Farpointe Data Pyramid | ✓ |
| Farpointe Data Pyramid UID* | ✓ |
| FIDO 1 / FIDO 2 NFC | ✓ |
| Google Wallet ID (Android) | ✓ |
| GProx-II UID | ✓ |
| GProx-II ID* | ✓ |
| HID™ Crescendo/td> | ✓ |
| HID™ iCLASS™ CSN | ✓ |
| HID™ iCLASS SE™ technology | ✓ |
| HID™ iCLASS Seos™* | ✓ |
| HID™ Mobile Access™* | ✓ |
| HID™ Prox | ✓ |
| HiTag 1 CSN | ✓ |
| HiTag 2 CSN | ✓ |
| HiTag S CSN | ✓ |
| Honeywell Nexwatch | ✓ |
| ID Teck UID | ✓ |
| ID Teck Alternate (128 Bits)* | ✓ |
| Indala 26 bit / 40134 (Motorola) | ✓ |
| Indala ASP UID | ✓ |
| Indala ASP+ UID | ✓ |
| Indala Custom Formats:contact rf IDEAS sales | ✓ |
| ISO 14443A CSN | ✓ |
| ISO 14443B CSN* | ✓ |
| ISO 15693 CSN | ✓ |
| ISONSAS™* | ✓ |
| I-tag CSN | ✓ |
| Infineon my-d™ CSN | ✓ |
| Kantech ioProx | ✓ |
| Keri KC-10x UID | ✓ |
| Keri KC-26x | ✓ |
| Keri NXT UID | ✓ |
| LEGIC Advant CSN (ISO 15693, 14443A) | ✓ |
| LEGIC prime CSN | ✓ |
| LEGIC Segment | ✓ |
| NEDAP Prox* | ✓ |
| NFC Type 1 CSN* | ✓ |
| NFC Type 2 CSN | ✓ |
| NFC Type 3 CSN* | ✓ |
| NFC Type 4 CSN | ✓ |
| NXP ICODE® SLI CSN | ✓ |
| NXP MIFARE Classic CSN | ✓ |
| NXP MIFARE Classic Secure Memory | ✓ |
| NXP MIFARE DESFire CSN | ✓ |
| NXP MIFARE DESFire EV1 CSN | ✓ |
| NXP MIFARE DESFire Secure Memory | ✓ |
| NXP MIFARE Plus CSN | ✓ |
| NXP MIFARE Ultralight CSN | ✓ |
| Oyster CSN | ✓ |
| Paradox | ✓ |
| Philips/NXP | ✓ |
| Postech | ✓ |
| RF Logics UID | ✓ |
| Rosslare | ✓ |
| SecuraKey-02 Radio Key® | ✓ |
| SecuraKey e*tag® CSN | ✓ |
| Sony FeliCa CSN* | ✓ |
| TechnoGym (Key Fob) CSN* | ✓ |
| Texas Instruments Tag-It CSN | ✓ |
| Urmet* | ✓ |
| XceedID® MIFARE® CSN | ✓ |
