Require that users have a high-assurance session level before accessing certain Setup pages or objects.
You can even completely block users for some sensitive operations. Manage access to permission sets,
profiles, password resets, data export, and Health Check by modifying session-security-level policies.
https://help.salesforce.com/s/articleView?id=sf.security_auth_require_ha_session.htm&type=5

Require TLS 1.2 for HTTPS Connections was a critical update in Summer ’19 and is enforced in Winter ’20
on October 25, 2019. To maintain the highest security standards and promote the safety of your data,
Salesforce is disabling the older Transport Layer Security (TLS) 1.1 encryption protocol. All inbound
connections to or outbound connections from your Salesforce org must use TLS 1.2. Verify that your
browser access, API integrations, and other Salesforce features are compliant with TLS 1.2.
https://help.salesforce.com/s/articleView?id=release-notes.rn_networks_tls_cruc_enforced.htm&release=222&type=5

We’re removing instance names from MyDomain URLs for sandboxes. The instance name identifies
where your Salesforce sandbox org is hosted. Removing the instance name makes the URL cleaner and
easier for users to remember, for example, MyDomain–SandboxName.my.salesforce.com replaces
MyDomain–SandboxName.cs5.my.salesforce.com. This critical update was first made available in
Summer ’18. https://help.salesforce.com/s/articleView?id=release-notes.rn_security_domains_stabilize_mydomain_cruc.htm&release=224&type=5