Category: White Paper
Audience: School Leaders and  Network Admins
Download white paper:

Download PDF

The majority of school networks are underpinned by Microsoft networking technologies. These networks run Windows Server domain controllers to manage host access to network resources and store user and group information in an Active Directory (AD) database.

Share this content:

Family Zone Education Solutions integrates directly with these Microsoft networking technologies to allow schools to understand student Internet use and manage website and application access from the cloud management interface (School Manager). 

School Manager provides schools the visibility needed to educate safe, constructive and web smart student behaviour that underpins an understanding of the responsibilities of being a good digital learner.

What are Microsoft networks?

Microsoft have become central to managing many local area networks by providing tools to control access to PCs and local network resources. Central to this is Windows Server which hosts directory information and authentication services.

Learn more: Microsoft Networks

Internet Usage Reporting by Individual Student and AD Group

Internet use can be viewed on an individual student or group basis, with alerts and reporting for online activity that breaches school internet use policies. This approach enables schools to take a proactive approach to educating digital citizenship by addressing issues with individual students as they arise.  Appropriate network use can be outlined in the school’s Student Internet Access Agreement and any behaviour contravening the agreement can be discussed with the student.

This transparency enables schools to adopt an open approach to network use by using visibility and alerting to highlight and respond to inappropriate behaviour. Creating a high trust environment supports student engagement and can improve learning outcomes.

Cute pupils in computer class with teacher at the elementary school.jpeg

Seamless Integration with Microsoft Domain Controllers

When a student uses a school device they are invariably required to authenticate themselves using their Microsoft domain login credentials. Once the student is authenticated the domain controller determines the network resources that the student has access to. 

School Manager integrates with Microsoft domain controllers through a messaging protocol called WMI events. These events inform School Manager as to which student is using the device so that internet access is filtered based on the AD group membership and the filtering policies that apply to these groups.

“I felt that this would enable a fundamental shift in the College’s approach to internet safety. We could move away from curtailing and blocking internet activity, to encouraging a sense of responsibility and ownership amongst the students.” Alex Daroux, Head of IT Operations, Te Aroha College.

Using School Manager to identify the student by their Microsoft domain account on any given device allows Internet access to be tailored to the student’s AD group membership and time of day. Schools can ensure that content accessed during class-time is lesson related.

This allows schools to easily apply global filtering rules such as ‘Block social media access for students during lesson time.’

Touch Free BYOD Support Through RADIUS Integration

Supporting student BYOD efficiently and safely can be challenging. Students connecting their device to the schools’ WiFi should ideally be required to enter their domain user credentials when joining the network.

This is achieved through a protocol called 802.1x that operates between WiFi access points and the WiFi controller which in turn uses the RADIUS protocol to enforce authentication by integrating with the domain controller’s RADIUS server. Microsoft’s RADIUS server implementation is referred to as the Network Policy Server (NPS).

School Manager integrates directly with the NPS to receive RADIUS events that inform School Manager as to which student is using a BYOD device. Student internet access is then based on the filtering policies applied to AD group membership.

This approach means that Family Zone is completely invisible to the device user until they attempt to access filtered content. Should this occur the student receives a ‘content blocked’ page instead of the destination website

Classwize Support for KAMAR AD Structure

Schools using KAMAR as their SMS can benefit by syncing user and group information with their Microsoft AD database. The benefit of taking this approach means that the teacher to class relationship is mirrored within the AD information.

This makes the rollout of the Classroom student internet use dashboard extremely straightforward as all group information is always present and correct.

Classroom allows teachers to easily relax or restrict temporary internet access policy such as ‘For year 9 Social Studies allow Facebook access for the next 30 minutes.’ This allows teachers to override default access policy in order for students to access lesson related content that would normally be blocked.

Supporting Office 365 with Azure AD Integration

Schools looking to move to Microsoft cloud services such as Office 365 will be using Azure AD, Microsoft’s cloud based user and group management service.

School Manager integrates with Azure AD for those schools looking to migrate into the cloud and eventually look to deprecate their local server infrastructure. Rather than authenticating users against a local server,School Manager queries Azure AD’s cloud hosted API’s to access user and group information.


For schools looking for better control and visibility over student internet use, School Manager integrates seamlessly with exisiting Microsoft network technologies to provide an integrated and easy to use solution. School Manager makes internet access management simple by identifying students on the network using their Microsoft login credentials, applying filtering policy based on group membership and recording all internet use against their account.

Download white paper:
Share this content:
Download PDF
As Recognised By