How authentication and identity governance help protect schools

According to the U.S. Government Accountability Office, school staff were responsible for most of the accidental security breaches plaguing schools between 2016–2020, with students responsible for most of the intentional breaches (the bulk of incidents being to—perhaps unsurprisingly—change grades).

According to the U.S. Government Accountability Office, school staff were responsible for most of the accidental security breaches plaguing schools between 2016–2020, with students responsible for most of the intentional breaches (the bulk of incidents being to—perhaps unsurprisingly—change grades). 

As the 2022 Cost of Insider Threats: Global Report reveals, insider threat incidents have risen 44% over the past two years, with costs per incident up more than a third to $15.38 million. We recognize that cybersecurity is a top concern in education—from IT professionals who provide frontline support to technology decision makers that purchase services—and our cybersecurity solutions reflect both their needs as well as our expertise as a leading security company. 

Microsoft Information Protection and Governance, included with Microsoft 365 Education A5, provides built-in, intelligent, and extensible solutions to help schools and districts to secure their data wherever it lives or travels. It allows school IT to enable secured and compliant collaboration with data loss prevention policies that help avoid leaks and restrict external sharing of sensitive data, while providing the ability to configure protection and governance labels and locate sensitive data and understand how it is being used. 

Meeting the unique security needs of schools

Microsoft Purview Communication Compliance helps to minimize communication risks by helping schools to detect, capture, and act on inappropriate messages in their organization.  

Let’s say that a local high school has issued their students laptops for school use. To mitigate student harassment within the school’s network, the IT team creates communication compliance policies. Since students communicate via Microsoft Teams, they created a policy to monitor Teams for any profanity or harassment. With the policy in place, teachers of specific classes and school admin will be notified when the system flags harmful messages. Teachers and admins can then investigate the issues and even work with IT to remove messages to limit exposure! 

An IT team sitting in a school office and working on a laptop together.
A school IT team working together. Microsoft 365 Education helps schools and districts establish a simple, secure, and efficient technology environment that maximizes learning.

Data loss prevention is another crucial issue schools face due to the extensive exchange of sensitive data in a school’s message systems. To enforce compliance requirements, data loss prevention features make managing sensitive data easier than ever before. 

School districts often rely on third party organizations to help with classroom curriculum and evaluate the effectiveness of school programs. Student scores can be shared to help with these efforts but—to ensure personal student information isn’t shared outside of the district—the school district’s IT department needs to create data loss prevention policies for student information. If there is an attempt to share information with anyone outside of the school, the rule will go into effect and interaction will be flagged. School IT can block access to the records being shared and—in some cases—prevent the initial communication containing the personal records from being delivered. 

Microsoft Purview Information Protection helps organizations discover, classify, and protect sensitive data wherever it lives and travels. It provides tools to understand a school’s data, protect it, and prevent data loss. 

For example, a middle school might want to ensure that staff aren’t accessing sensitive school resources on their unmanaged home devices. To ensure that the school’s data is protected, the IT department leverages Microsoft Purview Information Protection to protect sensitive student information such as student records from being accessed on unmanaged devices. If a staff member tries logging onto their school account from their personal device to access their records, this action will be denied. The school’s IT department can set up similar protections for other applications and sensitive data from unmanaged devices. 

A trusted name in security

Microsoft believes that when students, educators, and staff work in a secure and trusted platform, everyone can achieve more. With Microsoft security solutions, schools and districts can improve their risk and compliance posture, safeguard data wherever it lives, better understand and govern this data, and streamline their overall privacy management. 

Microsoft is consistently recognized as a leader by industry analysts. In recent years, Microsoft has been named a six-time Leader in the Gartner® Magic Quadrant™ for Access Management, rates a strong positive in each KuppingerCole’s product and leadership category, and was named Company of the Year for the Global Identity and Access Management industry by Frost & Sullivan

Almost all of a district’s identity management needs can be taken care of with Microsoft Entra, a security product family that unites management in a unified platform. Entra works with tools like Microsoft Entra ID, Intune, and School Data Sync to connect accounts and data intuitively and securely in ways that make sense for education and save IT administrators time.  

With Microsoft Entra ID and Microsoft Entra ID Governance, school IT can enable unified SSO access and enhance security with multi-factor authentication (MFA) and apply least-privilege and just-in-time access policies to safeguard a school’s administrator accounts. 

Microsoft Purview security solutions

  • Microsoft Purview helps keep school data safe with a range of solutions for unified data governance, information protection, risk management, and compliance, providing everything from data auditing to insider risk management. 
  • Microsoft Priva helps schools and districts to protect personal data and keep up with ever-changing and complex privacy requirements by identifying user data and critical privacy risks and automating risk mitigation.  
  • Microsoft Purview Compliance Manager offers schools 100 pre-built assessments for common compliance standards and regulations, or custom assessments to meet a school or district’s unique compliance needs. 

In a comparison of Microsoft Purview Data Loss Prevention and Google Cloud Data Loss Prevention on, reviewers found that Microsoft Purview Data Loss Prevention better met the needs of their business than Google Cloud Data Loss Prevention. When comparing the quality of feature updates and ongoing product support, reviewers felt that Microsoft Purview Data Loss Prevention was the preferred option. One reviewer noted that “[Microsoft Purview Data Loss Prevention] has the best data governance capabilities, data discovery and data analytics.” 

A solution for every role

Protecting student data is a primary concern for school and district IT departments. Microsoft Purview Compliance Manager creates a risk-based compliance score and provides actionable step-by-step guidance on improvement actions. Even better, schools can use pre-built templates for compliance with standards including COPPA (Children’s Online Privacy Protection Rule) and CIPA (Children’s Internet Protection Act)

District and school leaders are tasked with preserving student safety and privacy. By protecting school data, leaders maintain community trust and avoid costly data breaches or recovery costs. Leaders in Prince William County depend on Microsoft Purview Communication Compliance to protect its users and data.  

Data breaches can also interrupt learning and hinder parental trust. Teachers can depend on Microsoft Education A5 security to keep their classrooms FERPA (Family Educational Rights and Privacy Act) and CIPA compliant. 

Together, we can quickly identify and act

Microsoft security solutions helps schools to identify data risks and manage regulatory requirements, protect sensitive data across apps, clouds, and devices (even if it’s not stored on Microsoft platforms), and gain visibility into all your school’s sensitive data and manage assets across your entire environment.  

Schools need to be able to quickly identify and act on insider risks with an integrated end-to-end approach. Schools with Microsoft 365 Education A5 security can rely upon Microsoft Purview Insider Risk Management for dynamic controls and automated mitigation.  

Want to learn more? Grow your cybersecurity knowledge and skills with these resources: