The Challenge
A fast-growing school district needed to protect student devices from man-in-the-middle and spoofed-network attacks on school Wi-Fi. To accomplish that, the district needed to replace its old password-based authentication system (PEAP/MSCHAPv2) with certificate-based authentication (EAP-TLS) on student Chromebooks.
The migration had to be completed over the summer break. If the project failed, the new school year would begin with thousands of devices unable to connect.
The district also faced another problem: classroom carts stack Chromebooks, and the top 10 get used daily while the ones at the bottom may sit untouched for months. If a device's certificate expires during that dormant period, the device has no way to auto-renew because it cannot connect to the network. Even after deploying certificates to managed devices, the district could not disable password-based authentication because BYOD devices lacked a certificate enrollment path.
The district needed a platform that could handle certificate-based authentication for Chromebooks, Apple devices, and Windows devices — and run without constant maintenance.
The Solution
The district worked closely with SecureW2 to deploy automated enrollment through each MDM platform with cloud-based PKI. This deployment didn’t require any on-premises infrastructure. Apple devices enrolled first through Mosyle and have been authenticating with certificates for more than a year, proving the platform’s stability to the district before the higher-stakes Chromebook migration.
The network administrator waited until school was out for the summer to switch the entire Chromebook fleet from PEAP/MSCHAPv2 to EAP-TLS. Chromebooks authenticated on day one, and the district has not looked back. Intune integration for Windows devices is configured and ready as the district gradually rolls out Intune across its Windows fleet.
The Results
- Chromebook migration success. Thousands of Chromebooks switched from password-based to certificate-based Wi-Fi over the summer. When the school year began, everything worked from day one.
- Apple devices on certificates for over a year. The Mosyle integration has been operational since before the Chromebook migration, and it’s still going strong.
With managed devices authenticating on certificates and the Intune rollout expanding, the district is moving toward a fully certificate-based environment. The remaining gap is BYOD — personal devices still rely on PEAP/MSCHAPv2. Closing that gap would allow the district to disable password-based authentication entirely.