Back to Customer Stories
Education
1min read
May 25, 2026

From Legacy NPS to Cloud PKI: Securing 30,000 K-12 Users Across 30+ Campuses

At a Glance
Industry Education
Use Case Certificate-based Wi-Fi across 30+ campuses for 30,000 users; legacy NPS decommission
Key Result Legacy Windows NPS fully removed; Chromebooks and Intune devices authenticating via certificates across all campuses
Read the Full Story
Schedule Demo

The Challenge

A national charter school management organization serving 30,000 students, faculty, and staff needed to replace its legacy Windows NPS infrastructure with certificate-based authentication. The IT team lacked internal PKI expertise and needed a partner that could handle the complexity of a distributed K-12 environment.

The client needed to overcome two primary hurdles:

  • The Chromebook “Login Gap”: Shared devices dropped connection when transitioning from the login screen to the student profile.
  • Multi-Device Support: Staff required seamless enrollment for multiple Apple devices.

What the organization required was a managed platform that could deliver certificate-based authentication across 30+ campuses without requiring internal PKI expertise. The SecureW2 JoinNow Platform could offer Cloud PKI, Cloud RADIUS, and automated device enrollment to meet the demands of a large, dispersed user base.

The Solution

Working with the SecureW2 team, the organization deployed the new authentication network in three phases over several months:

  1. Phase 1: Chromebooks were secured via Google Workspace SCEP integration.
  2. Phase 2: Windows laptops and tablets transitioned via Intune-managed certificates.
  3. Phase 3: The team fully decommissioned the legacy Windows NPS infrastructure.

The shared Chromebook login gap was resolved through specialized configuration changes with SecureW2 support, ensuring an “always-on” connectivity experience for students. The team is now working on implementing authentication for Apple devices and extending the deployment to BYOD onboarding for staff personal devices and a guest Wi-Fi portal.

The Results

  • Eliminated legacy infrastructure: The SecureW2 JoinNow platform replaced Windows NPS authentication for a more secure, agile system .
  • Resolved connectivity gaps: Shared Chromebooks are now authenticated via device certificates across all campuses with the login gap resolved.
  • Intune-managed devices enrolled and working: Windows laptops and tablets authenticate with certificates deployed through Intune.

With legacy NPS removed and managed devices authenticating across all campuses,  the organization now has a system in place that will future-proof the network for a secure, continuous-trust environment.

Learn More About SecureW2

Explore SecureW2's trust model, dive into our platform and product details or read more success stories.

Why SecureW2

Establish continuous trust with Dynamic PKI and Cloud RADIUS. Enforce access based on live identity, device posture, and risk context.

  • Passwordless authentication that can’t be phished
  • Works with your IdP, MDM, and security stack
  • Real-time policy engine for dynamic access control
Learn More
Explore the Platform

Get the essentials on the products that power continuous enforcement.

SecureW2 JoinNow Platform
SecureW2 Dynamic PKI
SecureW2 Cloud RADIUS
MultiOS for Self-Service Onboarding
Integration Hub
Knowledge Base Articles

Explore practical guidance from engineers and admins deploying SecureW2.

  • Setup and configuration tutorials
  • Integration best practices with IdPs and MDMs
  • Troubleshooting guides for PKI and RADIUS
Browse Explainers