Windows Protected Print (WPP): What Enterprise IT Should Do Before Microsoft's Deadlines Hit

Microsoft is ending third-party printer driver support on Windows across three deadlines through July 2027. When those dates hit, some printers stop working and your print attack surface changes. This guide tells you which printers break, when, and what to do in what order.

Windows Protected Print (WPP) is a Windows 11 and Windows Server 2025 mode that blocks third-party printer drivers from loading on the endpoint and routes all printing through Microsoft's IPP Class Driver. It requires Mopria-certified printers, or an equivalent IPP path, for printers to keep working. Administrators turn it on through Group Policy or Intune, and it is not enabled by default.

IT Directors

Security Leaders

Infrastructure Managers

Procurement

windows-protected-print-enterprise-guide

What You'll Learn:

Map Microsoft's three driver-servicing deadlines (January 2026, July 2026, July 2027) to your own environment

Audit your fleet against Mopria certification and isolate the printers that break
Evaluate four remediation paths for non-WPP-ready printers, and which fits which situation
Sequence a WPP rollout that removes driver mismatch as a category of support ticket
Translate the architecture change into your compliance posture (NIST 800-207, HIPAA, CMMC)

Frequently Asked Questions

Curious about how it all works? Here's everything you wanted to know about ezeep's cloud printing solution.

Windows Protected Print (WPP) is a security mode in Windows 11 and Windows Server 2025 that blocks third-party printer drivers from loading on the endpoint and routes all printing through Microsoft's IPP Class Driver. It requires Mopria-certified printers, or an IPP-capable path, for printers to keep working. Administrators enable it through Group Policy or an Intune profile.

WPP itself is admin-controlled and has no forced activation date, but Microsoft's driver-servicing plan runs on three deadlines. As of January 15, 2026, no new third-party drivers reach Windows Update for Windows 11 and Server 2025. On July 1, 2026, Windows prefers the IPP Class Driver. On July 1, 2027, third-party drivers receive security patches only.

Yes. A cloud print platform keeps the driver on a remote rendering node, so the Windows endpoint sends a driver-agnostic job and needs no third-party driver locally. That removes the dependency WPP blocks, which makes the endpoint WPP-compatible even when the printer is not Mopria-certified. ezeep renders jobs this way and documents WPP compatibility on that basis.