Network Filtering Recommendations
Applies To: Windows 8.1
For a Windows RT 8.1 deployment in education you can use user authentication, MAC security filtering, and certificate-based authentication to get students' Windows RT devices through firewalls.
A common challenge in schools is providing student access to the Internet from Windows RT devices. Schools use network filters that work seamlessly with domain-joined PCs but not workgroup devices, like Windows RT devices. There are three ways to get these devices through firewalls:
User authentication. After students sign in to their Windows RT device by using their local or Microsoft accounts, they can authenticate with the firewall by using their domain accounts. This method has the added benefit that tracking behavior to individuals is easier than other methods (for example, bullying investigations).
MAC security filtering. A common solution is to enable MAC address security filtering on the firewall, then adding each Windows RT device’s MAC address to it. Listing 3 records each device’s name and MAC address in the Logs folder to provide the data for this solution.
Certificate-based authentication. Schools can install certificates on Windows RT devices and use them to authenticate with the firewall. Deploying certificates to the devices and configuring certificate-based authentication can be challenging to automate, but Windows Intune plus System Center 2012 R2 Configuration Manager provides this functionality.