SureDeploy and Microsoft Intune: Protecting Student's Personal Information in Schools

As educational institutions increasingly depend on technology to augment student experiences, safeguarding confidential information becomes imperative. In this regard, SureDeploy and Microsoft Intune are useful since they provide strong solutions to guarantee the security and privacy of students' personal data.

Among the issues raised were disparities in the privacy policies and procedures between schools and the growing quantity of personal data that educational institutions were gathering in order to manage risks. Although the collecting is being done with consent, there may be more risks of improper disclosure, it has been stated.

Microsoft Intune: A comprehensive solution

Microsoft Intune is a cloud-based endpoint management solution. It manages user access to organisational resources and simplifies app and device management across your devices, like mobile device management (MDM) and mobile application management (MAM). It helps schools manage the devices students use to access school data, ensuring that they are compliant with school policies and protected against potential threats. Intune allows schools to control how devices are used, Android, Android Open-Source Project (AOSP), iOS/iPadOS, Linux Ubuntu Desktop, macOS, and Windows client devices (laptops and desktops). It can configure specific policies to control applications, protect data, and ensure that devices are secure.

Why schools need SureDeploy

SureDeploy is an automation platform designed for the management and maintenance of Microsoft Intune environments. SureDeploy ensures consistent and reliable updates and maintenance of devices through the management of policies and applications, enhancing security, compliance, and productivity for organisations. With extensive experience in deploying Intune across various sectors - including education - SureDeploy provides tailored solutions to meet diverse needs. Our comprehensive support and expert guidance ensure the seamless operation and ongoing maintenance of your Intune environment.

Enhanced security

SureDeploy and Intune provide advanced security features that protect students' personal information from unauthorised access. This includes encryption, secure access controls, regular security updates and preventing data leaks. 

• Encryption: Advanced encryption techniques are used by both SureDeploy and Intune to guarantee that data is sent and stored securely. This implies that without the right decryption key, data cannot be read, even if it is intercepted. 
• Secure access controls: By limiting access to sensitive data to authorised personnel, these tools offer secure access controls. Role-based access controls, multi-factor authentication, and frequent audits to make sure security policies are being followed are all part of this. 
• Regular security updates: The most recent security updates and enhancements are constantly added to SureDeploy and then deployed to your Intune environment. This keeps systems safe by guarding against fresh and developing threats. 
• Preventing data leaks: Stopping unintentional data leaks is one of SureDeploy most important features. Staff can prevent inadvertently disclosing student information to unapproved parties by enforcing stringent access rules/polices and app restrictions. This is essential for shielding kids from prospective hackers and guaranteeing the privacy of their personal data. 

Compliance with regulations:

• Mandatory application control: Application control mechanisms (AppLocker or Windows Defender Application Control) to restrict unauthorised app installations. 
• Enhance security baselines: Focus on key elements such as disabling SMBv1, enforcing multi-factor authentication, and blocking legacy authentication methods. 
• Patch management enforcement: Regular patching of both operating systems and applications should be enforced as part of compliance policies, ensuring devices remain secure and up to date. 

Efficient device management:

Managing multiple devices across a school can be challenging. SureDeploy and Intune streamline this process by offering centralised management, making it easier for IT teams to deploy updates, enforce policies, and monitor device health.

Data protection:

With SureDeploy and Intune, schools can implement data protection measures such as remote wipe, which allows IT administrators to erase data from lost or stolen devices. To better manage access to sensitive data - such as parent and student information - SureDeploy establishes a tiered user permission within Intune defining role-based access controls (RBAC) on every school device. Staff members such as administrative or IT staff, have higher-level access than teachers or students.

There is separation between school-owned devices and BYOD, ensuring strict policies for BYOD access and usage, as well as enabling BitLocker across all Windows devices. FileVault is used for macOS devices to ensure encryption is enforced on all endpoints.

White Glove pre-provisioning:

Further accelerates device setup, by pre-installing updates and apps before the device is handed to the user. SureDeploy optimises your processes, making operations more manageable for your IT team. Some SureDeploy customers have reported savings on additional full-time equivalent (FTE) positions, while others have expanded their team's capabilities.

SureDeploy offers local support in Australia, providing you with peace of mind through accessible and approachable experts who are ready to assist you with your Intune environment. 

Endpoint management sanity check

As an extension of the automation platform for deploying and managing policies and applications, SureDeploy also offers an Endpoint Management Sanity Check - a proprietary utility designed to evaluate Intune environments. Offered as a complimentary service, this tool enables schools to assess their configuration, adherence to best practices, and overall management of devices through Intune. Utilising Microsoft Graph, the utility systematically gathers data on:

• Device health
  - General device statistics
  - Device health reporting
• Policy coverage
  - A baseline of configured and applied policies across detected operating systems
• Application summaries
  - Identification of potentially problematic applications
• Group architecture
  - Policy and application provisioning to devices or users
• Data protection
  - Usage and enforcement of MAM

SureDeploy, provides metrics and targeted recommendations to enhance device, policy, and application lifecycle management.

Evaluation process

Based on the operating systems present and the ownership levels of the devices, SureDeploy will evaluate compliance with best standards and provide a score reflecting the number of configurations met or unmet and offer insights into potential additions or adjustments that could enhance your security posture.

Policy summaries by platform

Windows

• Compliancen - verification of adherence to prescribed standards.
• Microsoft Edge lockdowns - ensuring secure and restricted browser configurations.
• ASD Office 365 hardening lockdowns - application of stringent security measures recommended by the Australian Signals Directorate.
• Defender onboarding and configurations - integration and optimisation of Defender settings.
• Windows firewall - review and enhancement of firewall rules.
• Physical data protections - safeguarding physical access and data.
• Security baselines - implementation of foundational security measures.

iOS

• Compliance and device protection - ensuring devices meet security benchmarks and are safeguarded against threats.
• Data protection - implementation of strategies to secure sensitive information.
• Defender onboarding - incorporation of Defender for continuous monitoring.
• Application control - management and restriction of application usage.

MAM

• Compliance and enforcement - monitoring and enforcing compliance measures.
• Data protection - securing data within managed applications.

In summary

In conclusion, the value of implementing Microsoft Intune and SureDeploy in classrooms cannot be emphasised. These tools offer the security, compliance, and administration capabilities required to safeguard student privacy and guarantee a secure online learning environment.

Take the complexity out of Microsoft Intune deployments with SureDeploy. Elevate your device management capabilities and enhance your security score.