
MDM for Education: How Schools Manage Devices at Scale

How schools and districts use MDM to manage classroom tablets and laptops. Covers shared iPads, zero-touch enrollment, kiosk mode, and student data protection.

Julien Ott
Students using laptops and smartphones in a modern classroom. Photo by Mikhail Nilov on Pexels

MDM for education means using mobile device management software to configure, secure, and control the tablets, laptops, and Chromebooks that students and teachers use every day. A school district with 2,000 iPads can push apps, lock screens during exams, and wipe a lost device from a single admin console. Without MDM, your IT team is configuring each device by hand, one at a time, every September.

Why schools need MDM (and why it's different from corporate)

Corporate MDM assumes one person per device. Education flips that assumption. A single iPad might be shared by 30 students across six class periods, each needing different apps, different restrictions, different content. That's the core challenge.

Then there's scale. A mid-sized school district manages 5,000 to 15,000 devices. A university campus can hit 50,000. And your IT budget? Probably a fraction of what a company with the same device count spends.

Three things make education MDM distinct from enterprise deployments:

  • Shared device workflows. Apple's Shared iPad feature and Android's multi-user profiles let students sign into a shared device and get their own apps and data. The MDM orchestrates this.
  • Content filtering and exam lockdown. You need to block social media during class, restrict browsing to approved sites, and lock devices to a single test app during exams (kiosk mode handles this).
  • Parental and regulatory pressure. COPPA in the US, GDPR in Europe. Student data protection isn't optional, and MDM policies need to enforce it at the device level.

What does an education MDM actually do?

Think of MDM as the control layer between your IT team and every device in the school. Here's what that looks like in practice.

App deployment. Your teachers need Kahoot, Google Classroom, a graphing calculator app, and the district's custom reading platform. With MDM, you push all four to 500 devices in minutes. No App Store passwords, no student interaction required. The apps appear silently. When the school year ends, you wipe them just as fast.

Device restrictions. During a standardized test, you lock every iPad to a single testing app. Students can't switch to Safari, can't access the camera, can't AirDrop answers. After the test, restrictions lift automatically. You set this up once as a profile and deploy it to every test-taking device.

Wi-Fi and network configuration. 500 new devices need your school's WPA2-Enterprise Wi-Fi credentials, proxy settings, and certificate. MDM pushes all of this silently during enrollment. No printed instruction sheets, no help desk tickets from confused teachers.
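The exam-lockdown and Wi-Fi profiles described above can be audited before they reach the fleet. This is an added example, not code from the article or from any MDM vendor: it assumes Apple configuration profiles that use the App Lock (com.apple.app.lock) and Wi-Fi (com.apple.wifi.managed) payloads, and the sample profile, bundle ID, SSID and function name are constructed for illustration.

```python
import plistlib

# Constructed sample profile (not from the article): an exam-lockdown App Lock
# payload plus a WPA2-Enterprise Wi-Fi payload that omits server trust settings.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadIdentifier": "org.example-school.exam",  # hypothetical identifier
    "PayloadContent": [
        {"PayloadType": "com.apple.app.lock",
         "App": {"Identifier": "org.example.testing-app"}},  # hypothetical bundle ID
        {"PayloadType": "com.apple.wifi.managed",
         "SSID_STR": "School-Staff", "EncryptionType": "WPA2",
         "EAPClientConfiguration": {"AcceptEAPTypes": [25]}},  # 25 = PEAP
    ],
})

def audit_profile(raw: bytes, exam_app: str) -> list[str]:
    """Return a list of findings for one configuration profile (hypothetical helper)."""
    findings = []
    by_type = {}
    for payload in plistlib.loads(raw).get("PayloadContent", []):
        by_type.setdefault(payload.get("PayloadType"), []).append(payload)

    # Exam lockdown: exactly one App Lock payload, pinned to the approved test app.
    locks = by_type.get("com.apple.app.lock", [])
    if len(locks) != 1:
        findings.append(f"expected exactly one App Lock payload, found {len(locks)}")
    elif locks[0].get("App", {}).get("Identifier") != exam_app:
        findings.append("App Lock pins a different app than the approved test app")

    for wifi in by_type.get("com.apple.wifi.managed", []):
        ssid = wifi.get("SSID_STR", "<no SSID>")
        eap = wifi.get("EAPClientConfiguration")
        if wifi.get("EncryptionType") not in ("WPA2", "WPA3") or eap is None:
            findings.append(f"{ssid}: not WPA2/WPA3-Enterprise")
            continue
        # Without pinned server names or anchor certificates the device cannot
        # tell the school's RADIUS server from a look-alike access point.
        if not eap.get("TLSTrustedServerNames") and not eap.get("PayloadCertificateAnchorUUID"):
            findings.append(f"{ssid}: no RADIUS server trust (names or anchor certs) configured")
    return findings

if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE, "org.example.testing-app"):
        print("FINDING:", finding)
```

Running the audit in the pilot phase catches a Wi-Fi payload that would otherwise accept any server certificate on every enrolled device.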

Lost and stolen device response. A student loses a tablet on the bus. Your IT admin remotely locks it within minutes, displays a "return to school office" message, and if it doesn't come back, wipes it. The device becomes a brick to the thief and the school's data stays protected.

Deploying thousands of devices without losing your mind

September is brutal for school IT teams. Hundreds or thousands of new devices arrive in boxes, and they all need to be ready for the first day of class.

Zero-touch enrollment is what makes this possible. For Apple devices purchased through Apple School Manager (ASM), every iPad automatically enrolls in your MDM the moment a student turns it on. No manual steps. The device downloads its profile, installs the right apps, applies the right restrictions, and it's classroom-ready.

Android devices work the same way through Android Enterprise with zero-touch enrollment. Chromebooks have their own version through Google Admin console, though many schools pair it with a third-party MDM for more granular control.

The math is simple. Manual setup takes about 15 minutes per device. For 2,000 devices, that's 500 hours of IT labor. Zero-touch cuts it to near zero.

Shared iPads and multi-user Android: the education-specific features

Apple's Shared iPad feature, available on iPads with at least 32GB of storage, lets multiple students use the same device with individual sessions. Each student signs in with a Managed Apple ID (provisioned through ASM), gets their own home screen layout, their own app data, their own Safari bookmarks. When they sign out, their session is cached locally for fast re-login.

Your MDM controls how many users can be cached per device (the practical limit depends on storage), whether a guest session is allowed, and the maximum time before automatic logout. This is where policy meets pedagogy: if a class period is 45 minutes, you set the auto-logout to 50 minutes.

On the Android side, the setup varies more. Some manufacturers support multi-user profiles natively, while others rely on Android Enterprise's work profile approach. The experience is less polished than Apple's, but it works. Chromebooks handle multi-user better than Android tablets, which is one reason they still dominate US K-12.

Student data protection: COPPA, FERPA, and GDPR

Schools aren't just managing devices. They're managing devices used by minors. That changes everything about your compliance obligations.

In the US, COPPA (Children's Online Privacy Protection Act) restricts data collection from children under 13. FERPA (Family Educational Rights and Privacy Act) protects student education records. Your MDM needs to enforce both: no apps that harvest student data without consent, no cloud backups to servers outside approved jurisdictions, no location tracking beyond what's needed to find lost devices.

In the EU, GDPR applies to student data with extra weight. Data processing requires explicit consent from parents for students under 16 (or under 13 in some member states). Your MDM configuration needs to disable telemetry, restrict diagnostic data sharing, and ensure that device management traffic stays within EU data centers.

This is where your MDM vendor matters. Ask where their servers are, who processes the data, and whether they've done a DPIA (Data Protection Impact Assessment) for education use cases. If they can't answer clearly, walk away.

Choosing an MDM for your school or district

The education MDM market includes big names like Jamf School (Apple-focused), Hexnode, and Google Admin for Chromebooks. Appaloosa supports both Apple and Android fleets with app management built in, which matters if you distribute custom or in-house educational apps alongside commercial ones.

What to look for:

  • Shared device support. If you're running shared iPads, you need Shared iPad management, not just single-user MDM.
  • ASM and ABM integration. Automated enrollment through Apple School Manager (or Apple Business Manager) should work out of the box.
  • App licensing. Volume Purchase Program (VPP) integration lets you buy app licenses in bulk and distribute them without Apple IDs on every device.
  • Classroom tools. Some MDMs include teacher-facing features: screen monitoring, app push during class, device lock during presentations. Others integrate with Apple Classroom.
  • Data residency. If you're in the EU, you need EU-hosted management. No exceptions.

Start with a pilot. Pick one grade level or one building. Deploy 50 to 100 devices, iron out the profiles and policies, and expand from there. Trying to go district-wide on day one is how rollouts fail.

Julien Ott
April 30, 2026
