K-12 (kindergarten through twelfth grade) education systems in developing countries may be experiencing advancements and technological changes in which students are provided access to ruggedized client devices such as, for example, laptop computers, tablet computers and convertible tablets for educational purposes. In addition, cloud based services such as, for example, platform management, mobile device management (MDM), single sign-on (SSO), web filtering and theft protection services may be provisioned on the client devices in order to enhance security, prevent unauthorized usage, and so forth.
In a typical educational scenario in a developing country, the Ministry of Education (MoE) and/or certain school districts might acquire large quantities of the devices, which may not be widely available on the open market, and distribute them to the students while maintaining ownership of the devices. Moreover, the MoE may select the services to be provisioned on the devices based on the particular needs of the educational community. For example, the MoE may activate (e.g., turn on) MDM services on all machines belonging to a certain middle school and activate theft protection services on the devices distributed to grade ten of a certain high school. Similarly, the MoE may be able to deactivate (e.g., turn off) certain services on a group of devices.
Although the end users of the devices typically do not own the devices, they may have administrative rights. In this regard, end users may deactivate, delete, prevent installation or otherwise disable operation of cloud based services on the devices without authorization of the MoE. For example, an end user may spoof the media access control (MAC) of a client device so that during downloading, installation or usage of a service, an authentication error may occur and render the service unusable.