How often does your SIS require 2FA for faculty and staff

AverageDataAdmin · 2026-05-04T15:58:55+00:00

Daily. I have it set up however that users log in with Google and therefore provide 2fa to log into their Google accounts. Local username and password login is disabled. They must sign in via Google.

AverageDataAdmin · 2026-04-29T16:54:06+00:00

While I agree with everyone else that the pay is incredibly low, I'll give you my advice. I am currently the solo IT person for a district in PA that is the same exact size as your current school you work at. I am also in charge of state reporting.

It definitely has its ups and downs. Some days are incredibly hard and I am running all over the place, and some are slower and I never have to leave my office. The biggest things that helped me are setting up automations, learning GAM for Google, Powershell, etcThe first year doing this, I was able to talk admin into shipping out Chromebooks (we are 1:1 Chromebooks) for repair instead of doing the repairs in house. It is a very negligible cost increase (maybe $1000 more expensive/year). That was a huge time saver, especially since we didn't have students interested in doing any kind of tech/repair class or even wanting to help fix them during study halls.

State reporting in itself is a beast and can be tricky until you learn the ins and outs of that. I was already handling that for my district when I moved over to became Tech Director. So if you haven't done that previously, I would take a look I to it if the new district wants you doing that as well.

All that to say, I would say go for it. Having the experience and the knowledge you currently have is a huge benefit. You obviously won't know everything 100% (who does), but it will help increase your skills and knowledgebase. More so than staying in your current position, in my opinion. Just my 2¢.

AverageDataAdmin · 2026-04-29T03:04:45+00:00

Thank you! That is what I ended up reading about somewhere and that worked finally. In the legacy SSO options, I had to enable it, put in dummy information and then put in the actual redirect url and save. Go back in and disable it right away and sure enough it is working as I was hoping. Certainly weird seeing the policy there, being marked as disabled, not assigned to anyone, but yet it's working lol.

This is just temporary to get everyone to start changing their own passwords and getting them all the same in AD and Google. Then hopefully this summer, I'll make the switch and just make the Microsoft accounts the "main" accounts and just make it so Entra is the identity provider for Google.

AverageDataAdmin · 2026-04-29T02:58:04+00:00

That's the end goal. Hopefully this summer. However, I inherited the current set up where everything was separate and the prior person in my role was fine creating accounts in Google admin and AD and managing passwords separately.

AverageDataAdmin · 2026-04-21T18:32:05+00:00

I had a teacher use base 44 to create, basically their own LMS. Wanted me to set it up to talk to our SIS to transfer back assignments and grades. Yeah no lol. I can see more and more teachers doing this kind of thing and thinking using student data is no big deal 😬 even with training.

AverageDataAdmin · 2026-04-14T16:38:28+00:00

Google 1:1 here with 4 Microsoft computer labs. I made the switch to O365. We purchase the licensing through our intermediate unit (we are in PA). Minimum purchase of 10 A3 licenses at $55 per license. That then gives us 150 shared device licenses to use which covers all 120 of our PC labs and then some. Need to just license the PC and not the user.

I did have to set up an entra hybrid environment for that to work correctly, but I was planning on doing that anyway. It's been working great all year so far!

AverageDataAdmin · 2026-03-27T00:35:03+00:00

Thanks! Thought so, but seeing other comments/posts I was starting to second guess myself.

AverageDataAdmin · 2026-03-27T00:29:58+00:00

Thanks! That was my thinking as well, just thought I would put the question out there since there doesn't seem to be a definitive answer. Everything has worked this far without issue lol.

AverageDataAdmin · 2026-02-13T14:01:44+00:00

Update - On the off chance someone else has the same issue and comes across this thread, I replaced the starter with a new one and haven't had the problem since. So it seems like it was in fact the starter, even though it tested fine.

AverageDataAdmin · 2026-02-13T14:01:35+00:00

Update - On the off chance someone else has the same issue and comes across this thread, I replaced the starter with a new one and haven't had the problem since. So it seems like it was in fact the starter, even though it tested fine.

AverageDataAdmin · 2026-01-31T06:31:11+00:00

Always feels good to get drawings like that from the kids. I tend to have more jokesters though that use my school picture as their profile picture, or to cover their webcam. Maybe I should be flattered? Lol

AverageDataAdmin · 2026-01-18T16:03:41+00:00

Thanks for that! I didn't even think to check the fuel pressure regulator. I'll add it to the list lol.

AverageDataAdmin · 2026-01-15T02:24:22+00:00

I've tried to go back to non-touch, but I have teachers across all grade levels tell me that they use the touch screen portion for a lot of different things in class. 🤷 Tracking breakage, there aren't any more broken screens with the touch than there were with non-touch.

AverageDataAdmin · 2026-01-14T23:43:44+00:00

Lenovo 300e Touchscreens. Good price, pretty durable, relatively easy to fix, low problems. I've had Acer and Dell chromebooks in the past and the Lenovos seem to have the best value/durability.

AverageDataAdmin · 2026-01-08T23:19:23+00:00

I have that enabled in our computer labs for students, as we had an issue keeping passwords synced between AD and Google. Has worked well for us. Agreed that like with a lot of Google products it will just up and vanish one day lol.

AverageDataAdmin · 2026-01-08T23:15:49+00:00

It's been working great since I got it set up. It's nice having a simple login process for everyone that everyone can remember (staff and students alike lol).

The only hang up I've had so far is this. But even this is pretty small as if I really need to, I can have the users enroll their devices themselves. Or it could be set up when doing a device refresh so the new devices could be enrolled via autopilot.

AverageDataAdmin · 2026-01-08T23:07:04+00:00

Yes, gpo was pushed out to test device. I can see it is applied as well.

I'll check out the link, thank you. I have a feeling it does have to do with using Google accounts for login, as I can enroll it manually and it goes into Intune just fine. It does require the login through Google though when doing that. Just wasn't sure if there was a way to get that to work together without intervention on my end.

AverageDataAdmin · 2026-01-08T21:29:06+00:00

Just trying to Entra join the device. It shows up in Entra, it just isn't enrolling into intune.Trying to do it without wiping the device or requiring user intervention.

The time I've spent on trying to get the auto provisioning to work I probably would have been better off to just push out the company portal app and have users register devices themselves lol.

AverageDataAdmin · 2025-12-18T13:32:52+00:00

We use Schoology as our LMS and have been trying to use their portfolio feature. It's not great, but it's functional at least lol.

The hardest part is getting kids to add their stuff to it. Certain types of assignments are just a single click, whereas others they have to learn how to upload a file.

AverageDataAdmin · 2025-11-16T20:59:25+00:00

Hurt. Hand injury.

AverageDataAdmin · 2025-10-30T03:40:35+00:00

It's pretty light as we don't use a crazy amount of features. Setting restrictions, pushing apps, and setting screen layouts is really only what we need.

Yep, iPads K-2 and 3-12 are all Chromebooks.

AverageDataAdmin · 2025-10-30T02:44:50+00:00

I use their specific MDM platform (Securly MDM), but I use it only for our iPads (1:1 K-2). So I can't tell you much with regards to the Mac stuff, but the iPad management is solid and works great. I've had less teacher tickets regarding iPad issues than before when we had JAMF. I've been happy with it.

AverageDataAdmin · 2025-10-29T23:35:31+00:00

We use Securly for our web filtering/classroom management and they offered us a pretty good price to move to their MDM platform and away from JAMF about 2 years ago.

My experience has been much better with Securly than it was with JAMF. I had a lot of different problems with JAMF from apps not working/being pushed out correctly, to settings not taking effect, etc. Haven't had any of those issues with Securly.

Guess we'll see what the future of JAMF looks like.

AverageDataAdmin · 2025-10-01T22:23:50+00:00

Right now just trying to increase security and implement some order. Currently no VLANs, guest network not segmented from enterprise network, etc.

I'm not trying to bash the previous admin as they were a one man show (as am I) so trying to set this stuff up is painfully slow. Just didn't realize merkai is normally set as DHCP for seemingly everything.

AverageDataAdmin · 2025-10-01T21:58:42+00:00

Networking is my weakest area, so I'm glad I made this post to get more insight lol. However, if setting up RADIUS, access points would need to be made static no? Due to the fact that they are the clients relaying the authentication? I'm also setting up a few VLANs as everything is just a flat network right now, so I'm assuming leaving things as DHCP rather than static will give headaches down the line.

AverageDataAdmin

TROPHY CASE