Keep it in Canada: ERP Solutions for K–12 IT Leaders
Meg Wilson (Host):
Hello everyone! We still have some attendees joining, so we'll give it a few more seconds...
Okay, I think we're ready to begin.
Welcome to today’s session—ERP Solutions for K–12 IT Leaders. This is the final part of our webinar series on the Sparkrock ecosystem, and we’re excited to have you with us.
Today, we're focusing on topics that are particularly relevant to K–12 IT leaders, including:
- Security
- Privacy
- AI
- Data sovereignty
It’s the middle of the week—Hump Day!—so we hope this webinar helps energize your Wednesday and gives you great insights to carry into the rest of your week.
Introductions & Housekeeping
I'm Meg Wilson, a Senior Sales Executive here at Sparkrock. I’ve had the pleasure of meeting some of you already—thank you for being here.
We encourage you to ask questions using the Q&A feature throughout the session. Only moderators and presenters will be on camera, but we’ll address your questions at the end. If we run out of time, we’ll follow up afterward. A recording of this session will be sent within the week, so you can revisit it at your convenience.
Today’s Panelists
We’ve assembled a fantastic group of speakers today:
- Karen McGregor – Azure Lead, Microsoft Canada Education Team
Karen works with school districts across Canada and brings deep expertise in architecture, deployment, and security. She’s also a former IBM alum, which is a perfect lead-in to our next panelists.
- Brad Klink – Manager, Professional Services and Consulting, IBM
Brad has extensive K–12 experience and works directly with school districts and private schools to deliver innovative IT solutions.
- James Aitchison – IBM K–12 Consultant
James has served in tech leadership roles at multiple school districts and now helps transform how K–12 organizations use technology. A real pleasure to work with.
- Wendy Brown – Sparkrock Product Specialist
Wendy will wrap up our session by diving into how Sparkrock supports compliance, security roles, and the application-level features that matter to IT leaders.
Special Introduction: Chief Security Officer
Before we begin, I’d like to introduce someone new to the Sparkrock team—Stephen Marshall, our Chief Security Officer.
Stephen, if you’re able to pop on camera for a second?
Stephen Marshall:
Thanks, Meg. It’s great to be here. I won’t be able to stay for the whole presentation, but I’m looking forward to watching the recording. You’ve got a fantastic group of presenters, and I’m excited to add my perspective on security in future sessions.
Meg:
Thanks, Stephen! We're thrilled to have someone dedicated to security, privacy, and data sovereignty for K–12.
Agenda Overview
Here’s how the session will flow:
- Microsoft’s Security Approach (with Karen McGregor)
Learn how Sparkrock, as part of the Microsoft ecosystem, benefits from Azure and Microsoft 365’s security capabilities.
- K–12 Governance & AI Landscape (with IBM)
Brad and James will cover how governance, risk, and AI trends are shaping IT in schools.
- Compliance & Role-Based Security in Sparkrock (with Wendy Brown)
Wendy will walk through how we manage permissions, auditability, and data compliance at the application level.
Microsoft Security in K–12
Karen McGregor (Microsoft):
Thanks, Meg. I’m excited to talk about how Dynamics—and by extension, Sparkrock—fits into the Microsoft security ecosystem.
Let’s start with the basics:
- Sparkrock is hosted within Microsoft Azure.
That means it benefits from Azure’s built-in protections and infrastructure-level security.
- It’s not a black-box SaaS platform.
Instead, it integrates tightly with tools like Entra ID for identity, and the broader Microsoft Security stack, allowing IT leaders to:
- Control authentication and permissions
- Monitor security signals
- Ensure compliance
- Protect critical users and data
This tight integration is essential in K–12, where:
- The number of user identities (students + staff) is huge
- Resources for IT management are often limited
- Security alerts and user management can quickly become overwhelming
With Sparkrock and Dynamics inside the Microsoft ecosystem, you’re not adding another isolated platform. You’re extending your existing security perimeter.
When schools move to SaaS platforms without integration, it often creates silos. That adds risk and more noise—not less. But Sparkrock supports full visibility and management from within your existing Microsoft toolset.
Karen McGregor (Microsoft): Microsoft Security for K–12
Let’s talk about a foundational concept: assume breach—trust no one.
Even when we think about identities, we need to recognize that any of them could be compromised at any time. That means we need to monitor signals continuously and respond quickly to any risks we detect.
If you’re not monitoring your collaboration platforms—or if you’re only doing so infrequently—you’re not going to catch issues in time. We don’t need massive log files that someone sifts through once a month. We need high-quality, actionable signals in real time.
Key Tools in the Microsoft Security Platform
- Entra ID (formerly Azure Active Directory)
Most K–12 organizations in Canada already use Entra ID for identity. It simplifies management and enables features like:
- Single Sign-On (SSO)
- Multi-Factor Authentication (MFA)
- Conditional Access
With Conditional Access, you can enforce rules like:
- Logins only from managed devices
- Specific IP addresses or geolocations
- Blocking access if risky behavior is detected
For example: You can set a policy that requires a superintendent to only access Dynamics from a secure, managed device—and only when no risk indicators are present.
- Defender for Cloud Apps
This provides visibility and control over SaaS platforms like Dynamics. It helps you:
- Detect threats
- Create policies for specific apps
- Gain insight into how data is used across platforms
- Share threat intelligence across the Microsoft ecosystem
When bad actors move between platforms—say from email into your ERP—Defender helps detect those movements and connect the dots.
- Microsoft Purview (Information Protection)
As Stephen mentioned earlier, Purview helps apply sensitivity labels to data. If a sensitive file is downloaded from Dynamics into Excel, that label travels with the data. It’s a persistent, platform-wide security feature.
- Microsoft Sentinel (SIEM)
Sentinel pulls detailed audit logs and activity monitoring from across your environment—including Dynamics—into a single view. That means full visibility and faster incident response.
These are not isolated tools. They’re part of a connected security ecosystem designed to:
- Improve threat detection
- Simplify compliance
- Enhance governance across all Microsoft applications
That’s a quick tour of the Microsoft security layer and how it integrates directly with Sparkrock and Dynamics.
Meg Wilson (Sparkrock):
Thank you so much, Karen. That was a great overview!
Next up, I’m going to pass things over to our partners from IBM to talk about governance in K–12—especially in relation to AI. Brad, James—over to you.
Brad Klink (IBM): AI Governance and the K–12 Landscape
Thanks, Meg. We recently met with the Ontario School Board Association to talk about AI governance and how it fits into K–12 operations.
First, let’s tackle an important idea:
Governance is not just an IT problem.
We’re seeing:
- Unencrypted laptops still in use
- USB drives hanging from lanyards
- Staff storing data across personal devices and cloud platforms
- Data sprawl across Google, Microsoft 365, Apple apps, and more
Governance must be tackled at the executive level—not just by IT.
AI is being used (or proposed) across all areas of school districts:
- Facilities
- Transportation
- Business operations
- Student learning environments
With all these use cases, how do you govern it?
James Aitchison (IBM): AI Governance Frameworks and Practical Tools
There are already some great tools out there. For example, the Government of Ontario has a solid AI governance framework as a starting point. Other provinces are developing similar resources.
Let’s talk about the “technology sandwich” concept from Gartner, which is a more accurate way to describe your tech stack. Here’s how it breaks down for K–12:
The “Technology Sandwich” for AI in K–12:
- Top Layer: Decentralized Data
- Google Classroom, Microsoft 365, Apple apps
- Teacher-created content and siloed storage
- Middle Layer: Centralized Systems
- SIS (Student Information Systems)
- ERP (like Sparkrock)
- AI embedded in vendor applications
- Lower Layer: TRiSM
- Trust, Risk, and Security Management
- Covers built-in AI, BYO AI tools (like Pi.AI), or internal bots
With data scattered across platforms, you must ask:
“Where is our data going when AI interacts with it?”
From Policy to Practical Governance
We often advise K–12 districts to shift their focus from strict policies and administrative procedures to more agile technology guidelines. These:
- Are easier to implement
- Don’t require as much red tape
- Still provide clear expectations and compliance boundaries
One great tool for this is a RACI matrix (Responsible, Accountable, Consulted, Informed). You define key technology functions like “strategy and governance” down the side, and then map stakeholders (CIO, Secretary Treasurer, etc.) across the top. Then you define who owns each part of the governance process.
James Aitchison (IBM): Governance, Data, and the AI Landscape
Thanks, everyone. I’ll wrap up with a few practical takeaways.
Doing this governance work—especially around data classification and ownership—has been incredibly eye-opening for every organization we’ve supported. It helps inform strategy not just for AI, but for broader governance planning.
Here are some key steps:
- Inventory your data: Where is it stored? Who owns it? What devices access it?
- Create KPIs: Set metrics for things like access control, backup schedules, and retention timelines.
- Define policies and procedures: What’s your policy on data in transit, retention, or destruction? Who’s accountable for each dataset?
Before I hand things off to Brad, here are five AI-related trends to keep on your radar, based on Gartner’s recent research:
- AI Agents: These are systems that perform tasks autonomously. You’ll see more AI agents embedded in applications, helping automate work.
- Technical Debt in AI: Legacy systems (version 1.2, 1.3, etc.) are creating compounding complexity.
- Data Location is Everything: Knowing where your data lives is critical for privacy and response.
- AI-Driven ROI: AI will eventually be self-funding for many organizations, generating its own efficiency gains.
- AI Innovation as a CEO Goal: In nearly every industry, including education, AI product and service innovation is becoming a top strategic priority.
Hopefully this gave you a helpful framework for your governance planning.
Brad Klink (IBM): K–12 Security and Data Risks
Thanks, James. I’ll spend a few minutes expanding on the security side.
There’s hardly a week that goes by without a new incident at a Canadian school district—ransomware, phishing, data breaches. The attacks are becoming more personalized and sophisticated.
A few key points to consider:
1. Valid Account Compromise Is the Top Threat
According to IBM’s X-Force Threat Intelligence Report, the use of valid credentials by attackers almost doubled between 2022 and 2023.
Once attackers gain access to a real user’s account, they can:
- Move laterally within the system
- Access email, files, and other apps
- Exploit data with minimal detection
Protecting these accounts is absolutely critical.
2. Phishing and Vulnerabilities Are Still Major Risks
Phishing remains a top attack vector. But also, the volume of known vulnerabilities keeps increasing. In 2024 alone, over 35,000 vulnerabilities have been reported—and that’s just the known ones.
This means keeping systems patched and updated is more important than ever.
3. Data Is Everywhere
Data sprawl is a major issue:
- Local servers and shared drives
- OneDrive, Teams, Google Drive, Classroom
- Third-party cloud apps
You can’t protect what you can’t find. So the first step is:
- Create a data map: Identify where data lives, what’s sensitive, and how it flows.
- Classify and protect it: Use tools (like Microsoft Purview) to automate classification and apply security policies.
4. People Are the New Firewall
Security is no longer just about devices. It’s about people:
- Use tools like MFA, conditional access, and least privilege access.
- Review access regularly—who really needs access to what?
- Provide real-world training to staff. Make it engaging. Teach them not to trust unknown sources, emails, or calls—even if they sound legitimate.
Train staff to be a little suspicious. That’s a healthy mindset when facing AI-powered scams and voice deepfakes.
5. Patching and Virtualization
Don’t just focus on applications—your virtual infrastructure matters too. We’ve seen recent attacks targeting hypervisors and the virtualization stack.
If you're moving your ERP to a cloud-hosted SaaS model (like Sparkrock), you're offloading a lot of this responsibility. You're also ensuring:
- Data stays in Canada
- Patching and infrastructure management are handled by experts
- Staff can focus on higher-priority work
6. Don’t Over-Retain Legacy Data
It’s tempting to keep everything. But when you’re breached, everything becomes a liability. Some breaches have forced districts to offer identity protection to people affected by records going back decades.
So use this transition—especially if you're moving to Sparkrock—as a moment to:
- Clean your data
- Set better retention rules
- Classify and migrate only what’s necessary
Brad Klink (IBM): Final Security Recommendations
Thanks, Meg.
To close out the broader trends section, here are a few practical security strategies for K–12 IT leaders to keep in mind:
- MFA and Conditional Access: These are becoming standard across Canada. Whether you're using Microsoft or Google, implement these controls as foundational security steps.
- Identity Ecosystem Awareness: Tools like Microsoft Entra ID are powerful, but complex. Take the time to understand cross-authentication options (e.g., between Microsoft and Google), and explore what’s possible with A3 or A5 licenses—especially for enabling advanced security features.
- Data Mapping and Classification: Every school division should go through this exercise. It’s time-consuming, but if you're planning any migration (ERP, SIS, OneDrive, Google, Teams), it's the perfect opportunity. Map your data, classify it, set access levels, and automate where possible. Aim for least privilege access across the board.
- Lifecycle Automation: Automate user provisioning and deprovisioning to reduce manual errors and improve consistency in access controls.
- Email and Endpoint Security: If you're deploying Microsoft devices and using Intune, integrate Defender and consider adding managed SOC services. These are essential as your security perimeter expands.
- Vulnerability Assessments: Conduct penetration testing at least annually—especially before or after any significant IT change (like migrating a system or data center).
- Contingency Planning:
- Keep your incident response plan up-to-date.
- Run tabletop exercises to ensure your team knows how to use it.
- Expand your business continuity planning beyond cyber threats—think snowstorms, power outages, or other physical disruptions.
- Strengthen your backup strategy and ensure immutability of backup data.
Meg Wilson (Sparkrock): Why Sparkrock Is Different
Thanks again, Brad, James, and Karen. That was incredibly informative.
Before I hand it off to Wendy, I want to briefly highlight why Sparkrock’s ERP is unique when it comes to security, privacy, and ERP application management.
- Sparkrock is not just a standalone system. We're a curated suite of applications that sit directly within the Microsoft Dynamics 365 Business Central ecosystem and the broader Microsoft Azure platform.
- What that means for you:
- A cloud-optimized ERP
- Tight integration with Microsoft security tools
- Data residency and compliance in Canada
- The ability to benefit from all the safeguards and innovation Microsoft provides
A quick product update:
In addition to acquiring Assembly earlier this year, we’re excited to announce we’ve also acquired School Day. This solution offers:
- Combined payments and e-forms
- Communications tools
- Automated income readings
- A better experience for parents and staff
School Day is a natural extension of Sparkrock’s finance and SIS offerings, and we're thrilled about what this means for our customers.
Wendy Brown (Sparkrock): Live Product Walkthrough – Security and Compliance
Hi everyone, I’m excited to walk you through how Sparkrock 365 puts these security principles into practice.
Let’s start with how we support segregation of duties and secure access at every level.
1. Role Centers and Personas
- Sparkrock 365 uses Role Centers to define what each user sees and can do.
- For example, I’m logged in as a Security Administrator. From here, I can:
- View all configured roles
- Enable/disable roles
- Set default views
- Customize navigation and dashboards based on job duties
You can easily add, hide, or move components within each Role Center to tailor the experience.
2. Role Assignment
- Once your Role Centers are defined, users are assigned to them based on job function.
- This ensures people only see what’s relevant to their role.
3. Integration with Microsoft Entra ID (formerly Azure AD)
- Sparkrock permissions are tied to Microsoft Entra security groups.
- Each group can be assigned specific permission sets, which define:
- Read-only access
- Insert, modify, or delete access
- This ensures that adding a user to a group in Entra automatically gives them the right permissions in Sparkrock 365.
4. Change Logs and Monitoring
- You can configure Change Logs to track who changed what, where, and when.
- Admins can choose:
- Which tables and fields are monitored
- What kind of changes trigger log entries
We'll see this in action shortly as I continue the live demo.
Wendy (Sparkrock):
Let me show you how Sparkrock 365 helps manage data integrity, security, and Microsoft ecosystem integration.
You can see here on my vendor record, I’ve set it up to log all fields for insertions, modifications, and deletions. I’ll show you how you can drill down on that directly at the record level. You also have access to the Change Log Entries table, where you can run reports and review changes anytime.
Brad and James earlier mentioned data mapping exercises and the importance of data classification. In Sparkrock 365, we include a Data Classification Worksheet. This lets you classify each field as:
- Unclassified
- Sensitive
- Personal
- Company Confidential
- Normal
…and then apply appropriate policies around each of those classifications.
Let’s put on our IT hat and head into the Admin Center. This area gives you visibility into your different environments. For example, I’m working in a production environment here, and I can immediately see which region my data is stored in—Canada in this case, ensuring data residency compliance.
The Admin Center also gives you tools to:
- Copy data
- Contact support
- View and cancel active sessions
- Manage sandboxes (every customer gets one production and up to three sandbox environments)
Let’s switch gears and explore how Sparkrock 365 integrates with Microsoft 365. I’ll switch from the Security Administrator role to the Accounting Manager role.
One great example of integration is on the Vendor page. The same functionality is available across other pages like purchase orders or invoices. Here, you can:
- Open data in Excel
- Edit in Excel
- Share via Teams
- Copy a secure link to share
Only users with the right permissions will be able to view the data from these links.
Let me show you what “Edit in Excel” looks like. I’ll open the vendor list in Excel using our secure connector. You’ll see the data pulled directly into the spreadsheet. I’ll go ahead and change the Purchasing Code for one vendor to “WB,” then publish that change back to the application.
Once published, I can return to Sparkrock 365, navigate to that vendor record, and—because I had change logs enabled—you’ll see exactly what changed, who made the change, when they did it, and what the old and new values were. This gives you full transparency and auditability.
Now let’s look at Outlook integration. If I email this vendor, I can use Word templates to format the message. Once sent, the email appears in my Outlook sent items just like any other email.
This integration also includes an Outlook add-in that provides:
- User insights
- The ability to create invoices
- The ability to send documents directly into Sparkrock 365
We also support attachment integration with OneDrive. By clicking “Open in OneDrive,” the attachment is stored securely both in Sparkrock 365 and in your OneDrive folder.
Wendy (Sparkrock):
Last but not least, I want to give you a quick preview of the Co-Pilot AI that’s coming to Sparkrock 365 later this year. I’ll just open my preview environment, and then we’ll wrap up with questions.
So, when Co-Pilot is implemented, you’ll see a chat panel integrated right into the Finance solution. It lives alongside your dashboard and offers three main functions: Find, Explain, and Ask.
Let me show you an example. I’ll ask, “How many posted purchase invoices this year?”
Co-Pilot searches your business data, does the calculations, and returns the answer—in this case, 56 posted invoices. It also shows the logic behind the result and links you directly to the relevant page in the system.
From there, you can dive deeper using natural language commands. For instance, you can ask it to generate a report or analyze the list further—just by typing in what you want. If you need something different, like breaking it down by vendor, you can just ask, and the report updates automatically.
I really believe this will transform how users interact with the system. These Co-Pilot AI features will be available across all user roles and pages within Sparkrock 365.
That’s a brief look at Sparkrock 365’s security roles, administration tools, Microsoft 365 integration, and a preview of what’s ahead with Co-Pilot AI.
Meg (Sparkrock):
Thanks, Wendy! Before Bri jumps in with questions, I just want to emphasize: while we focused on Microsoft today, we also offer regionalized functionality.
For example, in Alberta, our SIS solution includes PASI integration. In BC, there are other provincial requirements, and we ensure we’re aligned with each region’s needs.
Bri (Moderator):
Thanks, Meg. We’ve had some great questions—let’s go through a few.
Q: Are there advantages if we already use all the Microsoft Azure security solutions mentioned earlier?
Karen (previously): Yes! The major benefit is protecting your sensitive data using tools you’re already familiar with. There's no need to adopt extra solutions. Plus, services like Entra ID Conditional Access are discounted when bundled with A3 or A5 security licenses.
Also, as a Microsoft partner, we can extend K–12 discounts to you on ERP licensing, so you benefit from all those Microsoft offerings.
Q: What if we use Google Suite instead of Microsoft—can integrations still be set up, and how quickly?
Absolutely. While there are advantages to the Microsoft ecosystem, we also support clients using Google. Integration is not an issue.
Q: Is there a module for electronic parent payments—either online or via POS? Is it secure, and do parents need an ERP identity?
Great question! We recently acquired School Day, which provides that exact functionality. It supports payments, e-forms, communications, and more—all designed for schools. It’s a separate application, so parents don’t need to be ERP users, and the setup ensures proper segregation and security.
Q: Will Co-Pilot be integrated into the ERP?
Yes—it’s coming in 2025. You’ll start by seeing it in the Finance module, and we’ll expand it to HRP, SIS, and even School Day down the line.
We’re a few minutes over, so I want to wrap up by thanking all of our speakers—Karen, James, Brad, Wendy, and Meg—and everyone who joined today.
If you have more questions or need info, please reach out at connect@sparkrock.com or visit our website to get in touch.
Thanks again and have a great rest of your day!