IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

How Schools Are Managing New Devices With Microsoft — ICYMI

Joe Cicero spent much of his career in the classroom before joining Microsoft to evangelize the benefits of remote device management for schools. Here he discusses all the new ways schools have found to make tech work.

Technology in the classroom has been in a constant state of evolution, from slate and chalk to modern technology such as laptops and smartboards. Teachers and administrators are seemingly always on the lookout for the most interactive, accessible and affordable tech to help students learn.

Many schools needed to transition to distance learning on the fly when the COVID-19 pandemic forced them into hybrid or remote learning. Suddenly, schools coped with technology that wasn't necessarily designed for that purpose.

Previously, the "In Case You Missed It" crew spoke with Joe Brazier, K-12 strategy lead for Microsoft's education team, about how remote learning changed the technology needs of teachers and students.

For this episode, Dustin and Joe spoke with Joe Cicero, who began his career as a high school teacher, but then joined Microsoft as a senior program manager to help schools transition to cloud-based device management.



The following interview was lightly edited for clarity and brevity:

Q: Tell us a little bit about yourself, your background as a high school teacher and your work in Microsoft.

A: Education is all I know. I grew up on an old dairy farm. I lived in New York in the middle of nowhere, upstate New York. And the coolest thing, the most exciting career that I could have growing up, was to be a teacher. They were the folks in my neighborhood who had the nicest houses and they had summers off. So that was my career path. I taught in the Rochester City School District. And it was there I really learned about technology and how it could bring hope to a lot of the students I was working with. Obviously students everywhere have had certain challenges to overcome. As a new teacher, I had a lot of challenges to overcome. It was during this time period where we were seeing more technology in the classroom — going from overhead projectors to digital projectors to the idea of mobile tech carts where kids could get a laptop. And that set me off on a journey into technology. And now I get to sit at Microsoft as an engineer working with our global partners. I work with them as we develop new products so that they can bring it to schools around the globe, and be able to make these more easily managed devices really make the experience a lot better.

Q: How have the events of the last 24 months reshaped the thinking around devices, distance learning and learning in general?

A: When I was a teacher I'd offer professional development training. And we'd have to beg teachers to come to learn about how they could use tech in the classroom. It wasn't very exciting. They still had a lot of curricula that they were using. I had to come up with raffle items to get people to attend. And teachers during this time have become very thirsty for technology that can better motivate and better connect with students.

Over the last 24 months or so, since the pandemic started, schools went remote. That meant students didn't need to go to physical school. However, I heard all of these stories of students still going to the school building. Their parents were still driving them to school. What was happening is schools were having to issue laptops, right? If you weren't a one-to-one school, you needed a laptop, because there was only so many worksheet packets you could hand out. Maybe the first couple of weeks they went to school and they got books of worksheets to do, but eventually there was a move to handing out laptops, and some handed out existing inventory. A lot of those students had to come back to the parking lots in order to get the updates in order to get the latest version of an app installed. So even though the school buildings were closed, they were almost being reconfigured as distribution centers for technology, for remote learning, and for updates that could have been remote but weren't remote for that school yet.

And then even the community centers turned into these mobile distribution spots to get your laptops, get your Wi-Fi cards, and all of the excitement that created both positive and negative of bandwidth limits. And how do we make sure that kids at home can use the technology to log in to connect to Mr. and Mrs. Smith's class and get back to social studies?

Q: Have you ever seen anything like this before? Like everything that's going on with the K-12 market right now?

A: We've never had this amount of technology that was purpose-built for education. That's one thing. And we've never had such a screaming need for it. If school is closed tomorrow — I live where it snows; we don't have snow days anymore, and that makes people a little upset because there's something nostalgic about the snow day — but if a student can't go to school, now we have the technology possible that they can log in, they can get their assignments, they can still collaborate. There's all of these options. So there is this remote learning piece. But there's also this added benefit of things that you can do with technology that you never could have done in the classroom: virtual field trips, citizen science, being able to actually dig in and do a lot of stuff that otherwise I personally couldn't have done in my classroom.

Q: So through the combination of federal funds and standard budget, school districts have been procuring low-cost laptops at numbers that we've never seen before. How are you seeing districts manage all of these devices? Are there any challenges involved?

A: Yes, there are challenges. Pre-pandemic, there was a lot of customers who were legacy managing their devices. They had an on-premises device management, GPO, SCCM, a lot of this Microsoft infrastructure that schools struggled to manage even when it was on premises. But they were making it work. They were re-imaging Windows devices every year. They were going through a gold image process of figuring out what every device is going to look like from an operating system perspective, what applications are going to be on there, and then they were cloning the devices every single year.

Now what we've seen ... post-pandemic, or during the pandemic, is that all of these things that we were doing required a lot of physical touching of the device. It really required IT to be on site for the staff, the student user to be on-site.

With the pandemic, there became awareness of these cloud-based management solutions, right? I don't need to be in my office, the student does not need to be on-site in order to get the policies, in order to get the applications, in order to get the updates. And we've seen a lot of growth in our Intune for Education product because whereas pre-pandemic we were running around the planet evangelizing the good news about cloud-based device management, faster logon times or in the middle of class being able to push apps. The need became very relevant during the pandemic and we saw an increase in adoption. So now we see schools that are using Intune for Education to manage devices alongside Autopilot. Autopilot means that the device comes pre-enrolled to the school, to the student, to the user so that the user can get the device and just start learning.

So at the school level we've seen laptops directly shipped to students at their home so that no one had to touch the device. And they get that experience of opening up that brand-new Surface SE and getting a nice smell of newness as they log in, not having to wait on IT to image it, asset tag it, enroll it, make sure it has all of the updates. It's getting rid of all of those steps and saying let's just get the student, get the staff member the laptop. Let Autopilot enroll and let Intune for Education manage it.

Q: What are some of the the changes that you forecast seeing in terms of the experience in expectation and the road ahead in terms of life cycle management with these devices?

A: Before the pandemic, it was all about shared carts. Shared carts were very popular. Even in my former schools I worked in, we would buy thousands of devices. And we put them in carts and we could roll the cart around. And sometimes we would do some type of fake one-to-one initiative where the student had a number in every classroom. They go in, they pull the device out of a cart and get to work. And from Microsoft's standpoint, we invested a lot in shared PC mode, which made it so that kids could log into multiple devices, and it would slow them down. Because if you've ever worked in a traditional computer lab, they start the year fast, and they get slower over time because they have multiple users using them. So that was a lot of our engineering work pre-pandemic, with the pandemic now seeing the birth of one-to-one. Every school went one-to-one that possibly could go one-to-one. They did it in creative ways, and tried to piecemeal it together wherever possible. But that changes how you do business, right?

You have all these carts that are no longer being used, and you have every student with a laptop. What does that look like for your help desk? How are you going to service these? And what if you adopted cloud management during this point, whether using Microsoft Endpoint Manager or Intune for Education?

But with one-to-one, we now have also break-fix, right? So when a computer would break in a computer lab or on a shared cart, the teacher would probably open that ticket, let the help desk person know or the school's IT person know. This device has a cracked screen, let's fix it now. Now it's pushed on to that student. Oh, that student has a broken device — what do we do now? Some schools will sell insurance policies. I know from my daughter's school, we buy an insurance policy that if her laptop breaks, it's covered for it to be fixed. There's been that shifting of responsibilities there.

There's also some technical requirements of, "Oh, well, the laptop is broken and I need to replace the motherboard." And with the Surface SE laptop, it's the first Surface that a school is going to be able to take apart and replace parts in it. As you service it [you] might lose some of those unique identifiers that let Microsoft know that the school owned it and what that device was. So we have a program out there called Set up School PCs, which is an application that allows IT administrators to quickly create a USB provisioning package, and put it into the side of new devices or newly reset devices that re-enrolls them or gets them enrolled in Intune for Education.

Especially when we're talking about equity, we can't have one student that's having a horrible learning experience because his or her screen broke. So [we] see a lot more work with hot-swap devices. I'm not going to wait at help desk, I'm gonna send the student to the help desk to provide their device that's broken and needs fixing. But I also expect IT to give that child a loaner device or to just replace that device, right?

In a cloud-managed device, we don't need to rebuild Johnny's computer. Johnny's computer can be fixed and then reassigned later to somebody else. We can just give him a new one, have him sign in with his Azure Active Directory account (that sounds kind of technical; it's his Office email), so that Minecraft will be automatically installed from the cloud by the time he's back in history class. He's not missing out on learning, right?

Q: There's unprecedented funding that's available for these districts that are out there to do all kinds of different technology improvements. One of the elephants in the room is always around compliance. Is there any impact with compliance related to this unprecedented federal funding available to school districts?

A: Yeah, account for your technology. If it went home, hopefully it's coming back. Because people are going to ask where it went. There's many horror stories out there. If you bought it for student use, is it being used by a student? If you bought it for staff use, is it being used by staff? If you're having to refresh it, are you keeping track of all the serial numbers? Do you have good asset and inventory management so that when one device has to be swapped out or mailed, then you've got a replacement coming in that you know exactly what that is?

I also want to touch on the funding piece, because I think it's created a little bit of a curve in how we purchase technology. Oftentimes, we'll try to purchase laptops in small batches over a period of years, so that there's a sustainability to it. If I buy a laptop for my students, I expect that laptop to last three to five years. And then at the end of that time period I'm going to buy another set of laptops, right? And schools try, you know, try to space this out, so they're not going to buy a million laptops in a year. So there's a lot for schools to think about here, especially if they've used grant funding to purchase laptops. Or if they're using grant money to purchase laptops today, are they doing it in a way that's sustainable? Because the government grants that exist to go one-to-one today might not exist five years from now when there's a refresh.

Also calculate breakage rates, right? Devices will break because students or teachers will spill coffee on a laptop; students will do creative things to destroy their device. And a lot of schools calculate breakage rates differently. Ten to 15 percent a year could break and when we're talking one-to-one, that can be a very significant number. So how are you planning for that? Some folks will do overbuys where they'll purchase 10 or 15 percent more than they actually need so that as devices break, they have those hot-swap replacements. Others will not and will try to do some repair on their own.

But I think schools looking toward the next couple of years are going to have to see if they can do some early refreshes if possible, even if they don't plan on deploying right away so that they don't get to year five and realize that they have, you know, 50,000 laptops to replace and there's no government program that's going to make that possible.

Otherwise, you're going to end up with students with an eight-year-old laptop. So try to plan ahead knowing that your laptops might be really shiny right now. But you should start thinking about that every year and budgeting that in so it's not going to be a painful surprise.

Q: The other elephant in the room, and a hot topic across school districts around the country, is cybersecurity. Tell me a little bit about how K-12 organizations should be approaching cyber and cyber resilience.

A: It's a balancing act with education. I work with folks in the energy industry, in the financial industry. When I work with those CTOs and those CISOs, they have security operation centers. They have blue teams that are going around finding insider threats. They have teams looking at external threats. It's a huge part of their business to protect their data and their data has financial value attached to it.

Schools also have very important data. Yeah, sure, they have financial data, but the most important data that they have is their users, is their students, right? As a parent and former teacher, we care a ton about that student data and student privacy. We really are trying to protect that knowing that there are some limits on what a school can do to create security.

That makes sense, right? We're not going to have kids running around with FIDO keys and having biometric scans in order to access information. At some point there's going to be some barriers to what we can ask staff and students to do in an education environment. That doesn't mean that the work is any less noble or important.

The first thing to recognize is security is more than a strong password. Obviously, you need that to at least start somewhere. But some simple things are possible for schools to do. And we can take small steps that eventually lead to creating some type of security operation center for the school, even if it's going to be more ad hoc; a couple IT admins who are going to see the security. Some small steps are MFA, multifactor authentication, for admins. Go do that. The second thing is to look at MFA for your teachers, your staff. What does that look like? Can you have them authenticate with a phone app? Can you use the Microsoft Authenticator app? It's a great step.

If it is complex passwords, make sure that the passwords are not easily findable, especially for our students. Have them create unique passwords, frequently update the passwords, have them change the passwords. Depending on the school, they might be very comfortable with turning on Windows Hello, which allows your face to unlock your device that gets you to more of a password-less experience. But all of those are small steps.

From a user-security standpoint, then there's also the device security, right? And Microsoft and Windows, we're publishing updates monthly for security. Make sure your devices are patched, make sure you're using Windows Defender to get all of those updates in Intune for Education. You can set it so Windows Defender is running nightly. Because now we have all these endpoints that are accessing the network in interesting ways. It's not just the schools and the devices in the library in the school ... the laptop could be with a kid on a cruise ship in the Bahamas — good for the kid. But now this creates a whole interesting realm of how's the kid accessing data? Do we want to track login locations? Do we want to turn on something called impossible login so that if the same student is logging in from multiple places, this is going to red-flag the account? What are some simple things that we can do that are not hiring a 30-person security center? Knowing that at some point, we're going to eventually get to more of a security operations center model.

And then just like how large companies have these blue teams that are going out and looking for these threats. Maybe this is an internal hackathon that you as an IT team can put together where you take a take an hour or take a couple hours looking through your network. You're going to look through your posture and figure out where your issues are.

Maybe it's SharePoint. Maybe you need to tighten up some sharing, maybe it's passwords, maybe you have some utility accounts that you've created that have admin rights. So maybe you at some point created a printer utility admin account. And now that account access is many things that it shouldn't be. Maybe at some point you had a contractor come in and do some work and you gave them an admin account, but you never removed it. There's a lot of cleanup. So staying up to date cleaning up your accounts, and MFA for your admins, making sure you have passwords and then looking at what those next steps are — maybe Windows Hello, maybe multifactor.


Microsoft Education provides schools with solutions, technologies and education expertise to accelerate opportunities for all learners.

For more info on how Microsoft is helping schools, educators and students, visit their Microsoft Education website.

Follow Microsoft's education resources here: LinkedIn | Twitter | Facebook


“In Case You Missed It” returns on May 6.

“In Case You Missed It” is Government Technology’s weekly news roundup and interview live show featuring e.Republic* Chief Innovation Officer Dustin Haisler, Deputy Chief Innovation Officer Joe Morris and GovTech Assistant News Editor Jed Pressgrove as they bring their analysis and insight to the week’s most important stories in state and local government.

Follow along live each Friday at 12 p.m. PST on LinkedIn and YouTube.

*e.Republic is Government Technology’s parent company.
Dustin Haisler is the Chief Innovation Officer of Government Technology's parent company e.Republic. Previously the finance director and later CIO for Manor, Texas, a small city outside Austin, Haisler quickly built a track record and reputation as an early innovator in civic tech. As President, Haisler drives exponential growth, implements new ideas and promotes a corporate culture that rewards creativity. Read his full bio.
Joseph Morris is the Chief Innovation Officer of <i>Government Technology's</i> parent company e.Republic and a national keynote speaker on issues, trends and drivers impacting state and local government and education. He has authored publications and reports on funding streams, technology investment areas and public-sector priorities, and has led roundtables, projects and initiatives focused on issues within the public sector. Joe has conducted state and local government research with e.Republic since 2007 and knows the ins and outs of government on all levels. He received his Bachelor of Arts in government and international relations from the California State University, Sacramento.
Jed Pressgrove has been a writer and editor for about 15 years. He received a bachelor’s degree in journalism and a master’s degree in sociology from Mississippi State University.