To keep things as simple as possible, assume each of these laptops will be lost, stolen, infected and hacked.
So the precautions to take are:
Install any of the numerous free AV packages or rely on Windows 10 protection.
Do not permit any of the laptops to connect to your internal admin network, only allow them to connect to the internet.
Create a full set of installation discs for each laptop (and remember to record the license details somewhere secure and always available - e.g. on Bader ); so when a laptop is infected, etc. you can wipe it and start again with a fresh install.
Create one staff user account, one cadet user account and one admin account on each laptop (store the admin credentials for each laptop somewhere secure, etc…).
On your Acceptable Use Policy (that all your staff and cadets will read and sign) make it 100% clear that the laptops are NOT secure and that no personal information is to be stored on them; also that the laptops are not backed-up and anything saved on a laptop will be deleted without notice.
Spend your future parade nights sorting out laptop issues!
The problem with squadron laptops is that they will be used perhaps 2 or 3 hours a week; they spend the majority of their existence either sitting in a cold (possibly damp) cupboard or permanently on charge - and regardless of improvements in battery technology, it’s still not good for them.
At the moment, I’m looking at a Raspberry Pi solution - so a classroom with 10 or even 20 Pis is a very cheap solution; even if you factor in the cost of monitor, keyboard and mouse, it’s looking like a seriously good approach!
Also, if a Raspberry Pi gets infected or trashed, simply re-write the microSD (from the master copy that you’ve kept secure, etc,) and start again.
Perhaps this should come under the things that make me laugh or grind my gears topics because individual squadrons shouldn’t be re-inventing the wheel - there should be one simple IT set-up that can be rolled-out to every Squadron.