This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
- The Google for Education Community Platform
- Primary and Secondary Education Communities
- ELP Admin Community
- Discussions
- Peer-Peer Topics
- Device Bound Session Credentials (DBSC)
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Device Bound Session Credentials (DBSC)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
Hello
I am kind of curious to find out if other IT administrators have thought or have already enabled evice Bound Session Credentials (DBSC) for there schools? I know that this is not just about enabling it to work that you also have to setup rules for it to works properly. I know alot of you cannot share fulle extent of your fules that you setup but could I get good example of what you may set. We have been thinking about enabling this feature but wanted to reach out to other places to see what there expierences have been with it
Topics:
- Topics:
-
Google Workspace
Reply
2 REPLIES 2
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
The feature itself shouldn't have to be enabled, as that button is supposed to be removed when it has been rolled out completely. However, it's going to take several months to complete the rollout.
This was mailed to all beta organisations.
Dear Google Workspace for Education administrator,
We’re writing to inform you that starting May 25, 2026, Device Bound Session Credentials (DBSC) will move from beta to general availability (GA), which may take up to 3 months for full rollout. As part of this transition, we are simplifying the management experience by removing the specific beta DBSC setting from your Admin console and enabling the protection by default for all Google Workspace domains.
We’ve provided additional information below to guide you through this transition.
What this means for your institution
As a participant in the DBSC beta phase, your domain has already benefited from hardware-backed protection. DBSC protects your institution by cryptographically binding the sessions to the physical hardware of the device. This prevents attackers from using stolen "session identifiers" (cookies and tokens) to bypass sign-in protections. Learn more in Prevent cookie theft with session binding.
Key change:
The manual toggle previously used to manage the beta phase (located in Admin console > Security > Access and data control) will be removed.
DBSC will be enabled by default as part of its integration into standard, foundational security protections against session theft. At launch, DBSC will work with the Chrome browser.
What you need to do
No action is required. Starting May 25, 2026, the protection will transition to GA automatically.
As an administrator, you can:
- Monitor impact: You can continue to verify the efficacy of this feature and identify hardware binding status through your Audit Logs.
- Navigate to: Admin console > Reporting > Audit and Investigation > User log events.
- Look for the DBSC key binding event; a status of Success indicates that the user’s session is protected with DBSC.
- Inform IT support teams: You may wish to inform your IT support teams that Windows and Mac users on Chrome might continue to have hardware-bound sessions, which will remain visible in security audits.
We’re here to help
For more information on how DBSC works and how to view audit logs, please visit the Workspace Help Center.
Thanks for choosing Google Workspace for Education.
– The Google Workspace for Education Team
--
https://wheretofind.me/@NoSubstitute
https://wheretofind.me/@NoSubstitute
Reply
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
2 weeks ago
Thank you
