As cloud security requirements evolve, so too must the technology in your workplace — including the humble photocopier.
With the release of the OAuth 2.1 draft specification, cloud platforms such as Microsoft 365 and Google Workspace are tightening the requirements around how third-party devices — including multifunction printers (MFPs) — authenticate with their services. This shift has direct implications for how your office equipment handles scan-to-email workflows, cloud integrations, and secure access.
In this article, we unpack what OAuth 2.1 means, why it matters for your business, and what actions you need to take to ensure your device fleet remains secure, compliant, and operational.
What is OAuth 2.1? (And Why Should You Care?)
OAuth (Open Authorisation) is the widely adopted protocol that allows apps and devices to securely access user data without exposing credentials. It's what makes it possible for a user to scan a document from a photocopier and send it directly to their OneDrive or Gmail account without typing in a password every time.
OAuth 2.1 is an evolution, not a reinvention, of OAuth 2.0. It consolidates security best practices into a single, modern standard, designed to reduce risks and simplify implementation.
Key changes include:
- Mandatory PKCE (Proof Key for Code Exchange): Prevents interception of authentication codes during device-to-cloud communication.
- Deprecation of insecure grant types: The outdated “implicit flow” and password-based login flows are no longer allowed.
- Strict redirect URI matching: Only pre-registered, exact URIs are permitted, reducing phishing and token leakage risk.
- Prohibition of tokens in URLs: Access tokens must be handled securely in headers, not exposed in web addresses.
- As a result, OAuth 2.1 ensures safer, more robust integrations with cloud services — but also requires that connected devices are capable of supporting this new protocol.
Compliance and Security: Why This Update Matters
From a compliance standpoint, OAuth 2.1 aligns with industry expectations for strong authentication and minimal data exposure — crucial for businesses bound by standards such as ISO 27001, GDPR, and Cyber Essentials Plus.
More importantly, it helps mitigate common attack vectors:
- Man-in-the-middle attacks during scan-to-email or cloud-upload operations
- Token replay from cached or intercepted URLs
- Credential harvesting through insecure login prompts
- This update isn’t simply a technical footnote — it’s a real shift in how security must be handled for every network-connected device, including photocopiers and MFPs.
How Major Brands Are Responding to OAuth 2.1
At Landall Services, we’ve gathered the latest manufacturer insights to help our clients understand how the device market is adapting. Here’s a summary of where the major brands currently stand:
Canon
Supports OAuth2 with Platform 3.18
Most
imageRUNNER ADVANCE DX series devices already support OAuth2 once
upgraded to firmware Platform 3.18 — including existing fleets.
Action: Speak to your MPS provider about confirming firmware levels and scheduling updates.
Sharp
Supports OAuth2 on BP range devices
Sharp’s latest BP range of MFPs supports OAuth2 compatibility out of the box.
Action: Verify your model is within the BP range; older MX series may not support OAuth2.
Konica Minolta
Requires special firmware release
OAuth2 is not currently enabled by default. A special firmware can be applied to activate support.
Action: Contact your service provider to request the firmware and evaluate if your model is eligible.
Ricoh
Support arriving from July 2025 onwards
OAuth2 will be supported on ‘10 series’ devices via a firmware update expected in July 2025.
No confirmation yet on backward compatibility for older models.
Action: Begin auditing your Ricoh devices now to identify which models may require replacement or upgrading by mid-2025.
A Note on Third-Party Solutions
It’s important to note that even if a device’s native firmware doesn’t yet support OAuth2, manufacturers typically integrate with third-party solutions like uniFLOW or PaperCut to manage secure authentication and workflows. These solutions can provide OAuth2 support indirectly, ensuring that critical functionality is maintained — even if the device itself requires additional updates to connect directly to cloud services.
Recommended Next Steps for IT & Operations Leaders
Given the timelines and mixed device compatibility across brands, it’s essential to be proactive:
Audit your fleet – Record model numbers, firmware versions, and current authentication configurations.
- Review usage patterns – Identify devices using cloud integrations (e.g., OneDrive, SharePoint, Gmail, Dropbox).
- Plan firmware upgrades – Work with your MPS provider to deploy the latest supported firmware where possible.
- Prioritise replacements – Budget for refreshing any non-compliant hardware by mid-2025.
- Update IT policy – Ensure all new procurements are vetted for OAuth 2.1 readiness.
The Landall Advantage: Future-Proofing Your Print Security
At Landall Services, we don’t just supply print hardware — we consult, configure, and continually optimise secure digital workflows. Here’s how we support our clients in light of OAuth 2.1:
Fleet-wide OAuth audit to identify vulnerabilities and compatibility gaps
- Firmware upgrade scheduling to align with your IT and compliance calendars
- Policy-aligned recommendations that consider ISO, GDPR, and data protection requirements
- Cross-brand expertise to ensure your strategy is impartial and future-ready
- Whether you operate a single office or a national network, we provide the roadmap to keep your document workflows secure, efficient, and compliant.
Final Thoughts: Protecting data at every touchpoint
While much of the conversation around cybersecurity focuses on firewalls and software, devices like photocopiers often get overlooked — despite having access to sensitive data, user credentials, and cloud platforms. With OAuth 2.1, security expectations are evolving. Your print infrastructure must evolve too.