AirPrint MDM payload settings for Apple devices
AirPrint is an Apple technology that helps you create full-quality printed output without the need to download or install drivers. You can populate your list of available printers with AirPrint-enabled printers both on iPhone or iPad devices and on Mac computers enrolled in a mobile device management (MDM) solution. Use the AirPrint payload to specify which AirPrint printers your devices can print to.
The AirPrint payload supports the following. For more information, see Payload information.
Supported payload identifier: com.apple.airprint
Supported operating systems and channels: iOS, iPadOS, Shared iPad device, macOS device, macOS user.
Supported enrollment methods: User Enrollment, Device Enrollment, Automated Device Enrollment.
Duplicates allowed: True—more than one AirPrint payload can be delivered to a user or device.
You can use the settings in the table below with the AirPrint payload.
Setting | Description | Required | |||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
IP address | The IP address or fully qualified domain name (FQDN) of the printer. | Yes | |||||||||
Port | The port used to print to the printer. | No | |||||||||
Resource path | The resource path of the printer. | Yes | |||||||||
Use TLS | You can choose to use TLS to encrypt the data when sent to the printer. | No |
Note: Each MDM vendor implements these settings differently. To learn how various AirPrint settings are applied to your devices and users, consult your MDM vendor’s documentation.
Set up an AirPrint printer in Apple Configurator for Mac
You add AirPrint printer information to the AirPrint payload so that users of iPhone and iPad devices can print to known AirPrint printers. The Mac with Apple Configurator installed may not be on the same subnet as the printers you want your users to use. Here’s how you locate the IP address and resource path for the printers you want to add to the AirPrint payload.
To add AirPrint printers:
Click the Add button , decide whether you want to use TLS, then enter the IP address or fully qualified domain name (FQDN), along with the port and resource path, then click OK.
If you don’t know a printer’s IP address and resource path, do the following:
Connect the computer with Apple Configurator to the local network where the AirPrint printer is located.
Launch Terminal (located in the /Applications/Utilities/ folder).
In Terminal, enter
ippfind
, then press Return.This command shows printer information such as the following:
ipp://myprinter.local.:631/ipp/port1
In this example,
myprinter.local
is the name of a printer and/ipp/port1
is its resource path.Enter the following command:
ping
myprinter.local (replace myprinter.local with the name of a printer).After you run this command, press Control-C to stop it from continually running. The command repeats lines similar to:
64 bytes from 10.50.25.21:…
In the above example,
10.50.25.21
is the printer’s IP address.In Apple Configurator, enter the printer’s IP address and resource path.
Configure wide-area AirPrint
Some services, like AirPrint printers, have keys in the TXT record, which the device uses to identify the type of printer and its capabilities. The dns-sd -Z _ipp._tcp,_universal
command browses the local network for AirPrint-capable IPP printers and outputs the results in BIND-compatible zone file format. Copy and paste the PTR/SRV/TXT records for the AirPrint printers you want to make available into your authoritative server’s zone file. You can put the entries either into your main zone file or into a subfile called AirPrint, which you include using the $INCLUDE directive.
AirPrint devices don’t browse for all IPP printers—they browse only for the subset of IPP printers that support Universal Raster Format (URF). Therefore to make your printers discoverable by AirPrint devices, you must manually add one more PTR records for each printer. These records are identical to the PTR record that’s output by the dns-sd -Z
command, except that the name has _universal._sub
manually prepended on to it.
Here’s an example of the authoritative server’s zone file file, with the _universal._sub
line added manually:
@ PTR Office\032Printer\226\128\153s\032Wide\032Area\032Bonjour\032AirPrint\032Printer
_universal._sub PTR Office\032Printer\226\128\153s\032Wide\032Area\032Bonjour\032AirPrint\032Printer
Office\032Printer\226\128\153s\032Wide\032Area\032Bonjour\032AirPrint\032Printer SRV 0 0 631 fqdn-of-printer.betterbag.com.
Office\032Printer\226\128\153s\032Wide\032Area\032Bonjour\032AirPrint\032Printer TXT "txtvers=1" "qtotal=1" "rp=printers/HP_Color_LaserJet_9500" "ty=HP Color LaserJet 9500 MFP" "adminurl=http://222.178.203.72:19005/whst/63/_ennzadssdqaZfzbnlz9520//printers/HP_Color_LaserJet_9500" "note=Shared HP CLJ 9500; In DA7/4 Near Howard" "priority=0" "product=(HP color LaserJet 9500 MFP)" "printer-state=3" "printer-type=0xC0B0DE" "Transparent=T" "Binary=T" "Fax=F" "Color=T" "Duplex=T" "Staple=F" "Copies=T" "Collate=T" "Punch=F" "Bind=F" "Sort=F" "Scan=F" "p dl=application/octet-stream,application/pdf,application/postscript,image/jpeg,image/png,image/urf" "air=username,password" "URF=W8,SRGB24,CP255,RS600,DM1"
Here’s an example of the authoritative server’s zone file, with the $INCLUDE directive for the AirPrint list:
b._dns-sd._udp IN PTR @
lb._dns-sd._udp IN PTR @
$INCLUDE AirPrint _ipp._tcp