Before Microsoft Intune, students needed to sign in to a shared device before every lesson. Teachers couldn’t begin before everyone was signed in. Now, students can just pick a tablet and start working right away.
Anders Ljungdahl, Solution Architect, Education Office, Södertälje kommun
Today’s students are growing up in a digital world. They view laptops and mobile devices as all-in-one resources for both education and entertainment. This high level of comfort with technology can lead to amazing discoveries when a student is doing research. It can also result in careless clicking and security breaches. School systems around the world are seeking ways to extend the benefits of digital technology and the internet to students without endangering the network.
Secure access to technology for every student, teacher, and staff member has been a core concern, and that was the key lesson for schools across the Södertälje kommun school system in Sweden. The system educates about 15,000 students annually in preschools, primary schools, and optional upper-secondary schools offering vocational training and university preparation programs. It also offers ongoing adult education courses through a separate but related division.
Like with many schools, demand for mobile devices began to rise in about 2016. Individual schools across the municipality began purchasing mobile phones and tablets for use by staff and students, circumventing the school system’s IT department. There was no coordination or oversight between schools and the IT division. Some schools selected Windows devices, others opted for Apple iOS products, and still others chose Android. Different generations of hardware were also represented. Collectively, that meant staff and students were using hundreds of devices that were not under the school system’s control.
“We called those devices the ‘wild, wild West state,’” says Anders Ljungdahl, Solution Architect at Södertälje kommun. “The schools were purchasing devices from different resellers, or just buying them in stores, and managing them manually.” This lack of oversight created serious issues for the Södertälje kommun school system. The schools wanted to focus on teaching—not keeping the devices up-to-date and compliant. In addition, students were accessing websites and apps, requiring them to sign in and out of the devices repeatedly. This unregulated access to online resources presented significant security concerns for the team.
For individual schools, the primary issue was time. Each school was setting up its own devices manually, from loading applications to creating accounts. This might be easy with a single tablet, but it’s a huge time commitment for 100 devices. Even something as simple as signing everyone in to shared accounts could delay the start of class.
The IT team began reaching out to individual schools to discuss the issues and explain how consolidating device management at the school-system level would benefit everyone. In the meantime, the department began searching for a solution that could accommodate the disparate devices, operating systems, and hardware generations represented across the system. They soon learned that they already had access to the solution: Microsoft Intune.
We get a really good overview of our devices and all of the reports we can bring out of Microsoft Intune. With the reports and monitoring, we can make easy decisions about device management.
Anders Ljungdahl, Solution Architect, Education Office, Södertälje kommun
The Södertälje kommun government had invested in a mobile device management solution primarily for government but also used for school devices back in 2016. It was rolled out broadly to schools between 2017 and 2018. When the school system team renewed its effort to consolidate device management, it sought a new solution for schools. During discussions, the team realized it had access to the Microsoft Intune mobile device management system at no additional cost through its Microsoft 365 license.
The municipality conducted a pilot program that entailed moving its 5,000 Windows devices to Intune, including those “wild, wild West” devices from the schools across the system. “We had very good results with the Microsoft Intune pilot program,” Ljungdahl says. “None of the school devices were under our management before we started the pilot. As schools came onboard, we were able to start streamlining the entire device management flow, from placing purchase orders to onboarding users.”
Based on the pilot’s success, the Södertälje kommun school system migrated an additional 7,000 iOS and iPadOS devices. All have been fully incorporated into the system-level Intune, enabling the school system’s IT team to manage updates, applications, and identity. The team is now conducting a separate pilot to test Intune on approximately 70 MacOS devices that teachers and staff use at three separate schools.
The IT team is using Microsoft Entra for identity and access management across the school system. Now, students, teachers, and staff use Microsoft Entra to gain access to approved Microsoft 365 and third-party applications on school-owned devices and other third-party applications that support Microsoft Entra ID for sign-in. The latter provides a fast, easy sign-in experience across all school system assets. All users have a single identity for signing in, reducing password management needs. Microsoft Entra ID also provides strong authentication and risk-based, adaptive access policies, so IT can protect sensitive data without compromising experience for its users. The team is also now able to manage all associated identities and access for all owned applications across all devices in a central location.
The Södertälje kommun school system’s IT department uses the Conditional Access functionality of Microsoft Entra to address risk behaviors, multifactor authentication, and device compliance, among other concerns. The feature is currently in use, both tenant-wide and within some specific groups.
The school system has also begun adopting Microsoft Defender for Endpoint. “We’ve been using the auto-investigation and remediation features for our Windows devices,” Ljungdahl says. “Since that time, we’ve noticed big improvements in both automation and incident response.”
The school system’s IT team plans to build on this early success by broadening its adoption of Defender for Endpoint offerings. First, the team plans to implement Defender for Endpoint to its owned MacOS and iOS devices. Also under consideration: adding reduction rules to its owned Windows devices.
Tightening security on student devices is key to protecting young learners. “Entra identity protection together with Conditional Access gives us real-time security benefits against suspicious account activities,” says Ljungdahl. “Not only do our identities stay secure and up-to-date with the capabilities built into Entra—we can control each application and set rules and requirements based on different applications.”
Migrating classroom devices to Intune has greatly increased device security and compliance across the system. The cost benefit has also been significant. Intune is included in the system’s existing Microsoft 365 license, so money that would have gone to another mobile device management system can now be used for educational purposes. Moving to Intune has also simplified management. “Before we moved all our iOS and Android devices to Intune, we had another system. It could be difficult for new administrators to learn two systems at the same time,” continues Ljungdahl. “Now, we’re managing many different operating systems with Intune. The difference is our users and administrators don’t have to have an in-depth knowledge of every technology to manage them in Intune. We just set everything up in the background, and they can get started.”
The monitoring and reporting features have also made a big difference. “We get a really good overview of our devices and all of the reports we can bring out of Microsoft Intune,” Ljungdahl notes. “With the reports and monitoring, we can make easy decisions about device management.”
IT isn’t the only beneficiary. Moving to Intune has streamlined the experience for staff and students, freeing teachers from tech-support duty. “Before Microsoft Intune, students needed to sign in to a shared device before every lesson. Teachers couldn’t begin before everyone was signed in,” Ljungdahl says. “Now, students can just pick a tablet and start working right away.”
Find out more about Södertälje kommun on X, Facebook, and LinkedIn.
We had very good results with the Microsoft Intune pilot program. None of the school devices were under our management before we started the pilot. As schools came onboard, we were able to start streamlining the entire device management flow.
Anders Ljungdahl, Solution Architect, Education Office, Södertälje kommun
Follow Microsoft