We have the following infrastructure

- full VMWare platform (internal network only)
- Azure - internal / external - corproate account
- Android suite of phones and tablets, can only access internal network via VPN
- iPrint 2.0 already installed, internal usage only using AD credentials
- We do have an MDM (BES12 / UEM) but this does not allow 'corporate workspace' type usage, for all intents and purposes the phones, even though they are managed, are off the shelf machines with an identical build


WE want the ideal scenario

- Full internal access to printers via desktops, no restrictions
- Mobile printing ideally without having to sign onto ANYTHING other than the iPrint client (which will store info anyway)
- Random web users who find the page cant install printers on their desktops

So to me, the best scenario is putting iPrint appliance on Azure, somehow locking down the iPrint webpage as we don't want members of the public installing printers as the desktop client does not need authentication by default or only allowing internal desktop clients (all on the 10.x.x.x ip address).

Has anyone got this kind of scenario and how did you solve it?