The Challenge
A mid-sized state university struggled to deliver reliable, high-quality network access to students and faculty while managing risk. BYOD posed a major challenge, especially as the school planned a migration from LDAP to Microsoft Entra.
BYOD Challenges
Facing a confusing, multi-step onboarding process for Wi-Fi access, many students skipped it entirely or came to the IT desk for help, adding a significant, and avoidable, workload.
The university wanted to give students easier access to the Wi-Fi network, but administrators were also concerned about the potential for risk. BYOD devices could introduce viruses or malware into the system. Bad actors could steal credentials and use them to access financial information or other sensitive data.
Infrastructure Gaps
The university runs SCCM for device compliance and Intune for device management, a split that creates a blind spot: compliance data is not yet set in Intune, making it impossible to enforce compliance-based access decisions through the MDM.
The current RADIUS authentication chain runs through LDAP, a dependency which needed to be migrated to Microsoft Entra.
The university needed a platform that could simplify BYOD onboarding, bridge the SCCM-to-Intune gap, and move the RADIUS identity source from LDAP to Entra ID.
The Solution
Working closely with SecureW2, the university implemented JoinNow MultiOS to smooth the process of BYOD onboarding. The portal offers a self-service, relatively frictionless path to onboarding, reducing students’ BYOD challenges and encouraging them to use the school’s secure network.
For managed devices, SecureW2 bridged the compliance gap and introduced additional safeguards through integrations with Intune and Jamf for Windows and Apple devices, respectively. The university also uses SecureW2 Cloud PKI to issue secure certificates across managed and BYOD devices.
The university is now evaluating Dynamic PKI with continuous trust enforcement — shorter-lived certificates that validate device posture more frequently, tightening the security model without adding manual overhead.
The Results
- Student and managed devices authenticated via certificates: Both BYOD and institutionally-managed devices connect using certificate-based authentication.
- BYOD onboarding managed through JoinNow MultiOS: The portal offers self-service onboarding with fewer clicks than other systems, easing the process for new students.
- LDAP-to-Entra migration path established: The university has a clear plan to move its RADIUS identity source from LDAP to Entra.
With the LDAP-to-Entra migration on the roadmap and Dynamic PKI under evaluation, the university is positioned to modernize its authentication architecture while building on six years of continuous deployment. A Dynamic PKI upgrade would deliver shorter-lived certificates with continuous trust enforcement — addressing security concerns without adding complexity to the student onboarding experience.