Customer story

Centralized enrollment and authentication of Microsoft Intune-managed devices


Public school cooperative Erie 1 BOCES was looking for a solution to authenticate mobile devices of students and faculty for Wi-Fi access. PrimeKey EJBCA, with its integration with Microsoft Intune, was the scalable, cost-efficient, and easy-to-use solution they were looking for.

Erie 1 BOCES is a New York state board of cooperative educational services that delivers state-of-the-art technology and support to more than 100 school districts across 7 counties. It was established as a way for local school districts to collaborate on services and to reduce their individual expenses. As such, scaleable, cost-effective, and centrally-managed solutions are highly preferred.

When Steven Duckworth, Chief Microcomputer Technical Support Specialist at Erie 1 BOCES, was looking for a solution to authenticate district-owned devices of their students and faculty for Wi-Fi access, he knew it would need to be scaleable, cost-effective, and easy-to-use.

Securely enabling a modern cloud architecture

Duckworth and his colleagues have been transforming Erie 1 BOCES for years to a modern approach to managed IT services. Erie 1 BOCES and its districts leverages cloud services, such as Microsoft Azure Active Directory and Microsoft Office 365, so it made sense to turn to Microsoft Intune for its corporate device management.

According to Duckworth, due to the COVID-19 pandemic, districts started to inquire about remote management of Windows devices and Microsoft Intune for remote instruction. Microsoft Intune would enable the IT staff of Erie 1 BOCES and districts to enroll their laptops to push apps, policy and certificates to those devices in order to authenticate them against their Wi-Fi network. However, Duckworth also required a third-party solution to manage the PKI and certificate process.

“It was important to authenticate devices in a secure manner, which required a public-facing certificate management solution since the devices were bound to Azure AD,” said Duckworth.

EJBCA – scaleable, cost-effective and easy-to-use

During the RFP process, Erie 1 BOCES rejected other vendors that were charging per certificate. The costs were adding up.

“I started doing the math…if each device required a certificate across dozens of districts, the costs would be astronomical: more than $250,000 per year,” remarked Duckworth.

PrimeKey stood out with its flexible approach to enterprise PKI and certificate management. Its cloud-based deployment would enable remote management of multiple school districts in different locations, at a fraction of the cost. 

“EJBCA is scaleable, cost-effective, and easy-to-use, which enables our organization to remotely enroll and authenticate Microsoft Intune-managed devices for students and faculty across many school districts and counties,” said Duckworth.

Deployment was a breeze. Erie 1 BOCES integrated PrimeKey with Microsoft Intune in about two weeks and has issued certificates to thousands of devices. Now there are plans to extend this deployment to thousands of other devices as well.

Duckworth concluded, “There was the potential that integrating a full-lifecycle certificate management solution would be a heavy lift, especially from the technical side, but it was definitely not an issue – PrimeKey made it easy, every step of the way.”

Steven Duckworth, Chief Microcomputer Technical Support Specialist for Erie 1 BOCES

”EJBCA is scalable, cost-effective, and easy-to-use, which enables our organization to remotely enroll and authenticate Microsoft Intune-managed devices for students and faculty across many school districts and counties.”



PrimeKey EJBCA:

  • Powerful, flexible, and easy-to-use. A full-lifecycle solution.
  • Issue, manage, and revoke certificates with Certificate Authorities (CA), Registration Authorities (RA) and Validation Authorities (VA).
  • Cloud-based deployment enables remote management and scaleable licensing.

Microsoft Intune integration:

  • 3rd party PKI and certificate management.
  • Remotely enroll and authenticate Microsoft Intune managed mobile devices .
  • Native support for Azure Key Vault 

Watch this video

– and see how EJBCA made security simple for Erie 1 BOCES

Products used for this customer

Learn more about the products that helped this customer to a successful solution: 

EJBCA® Enterprise

Complete public key infrastructure (PKI) and certificate management