Shield Platform Encryption

Encrypt more Grantmaking Compliant Data Sharing records data. Gather statistics and apply active keys to data with fewer timeouts. Bring Your Own Key pages are compatible with assistive technologies.

  • Encrypt Search Index Keys with Manageable Root Keys
    Improvements to the Shield Platform Encryption architecture give you more ways to control the key material that encrypts search indexes. Salesforce has always used envelope encryption to secure your tenant secrets and customer-supplied keys. Now you can control the root key that generates and encrypts data encryption keys (DEKs) for your search indexes.
  • Encrypt Grantmaking Compliant Data Sharing Comments
    Grantmaking Compliant Data Sharing records sometimes contain sensitive or personally identifiable information (PII). You can now encrypt the Comments field on the Individual Application Task Participant object.
  • See Fewer Encryption Statistics and Sync Timeouts
    Gather encryption statistics and sync historical data with your active Shield Platform Encryption key faster. Improved indexing now handles large volumes of data more efficiently, resulting in fewer timeouts and faster processing times. Spend less time waiting for key management tasks to complete and more time working through your to-do list.
  • Access the Bring Your Own Key Pages with Assistive Technologies
    The Bring Your Own Key pages in Setup now use Lightning Experience styling. Better contrast makes the page easier to read, and users can navigate tables and interactive page elements more easily with keyboard controls. These pages also now include clearer labels and language support for screen readers.
  • Encrypt Application Form Seller Item Fields
    Client application forms and seller products sometimes contain sensitive or personally identifiable information (PII). On the Application Form Seller Item object, you can now encrypt the Vehicle Identification Number, Engine Number, Vehicle Registration Number, Property Address, Scheduled Delivery Date, Property Unit Identifier, Make, Model, and Trim fields.
  • Encrypt Party Income and Party Expense Fields
    Client expense and income records sometimes contain sensitive or personally identifiable information (PII). On the Party Income object, you can now encrypt the Income As Of Date field. On the Party Expense object, encrypt the Expenses As Of Date field.
  • Encrypt Party Financial Liability, Party Financial Asset, and Party Financial Asset Lien Fields
    Client financial, asset, and lien records sometimes contain sensitive or personally identifiable information (PII). On the Party Financial Liability object, you can now encrypt the Start Date, Term, Lender, and Liability Account Identifier fields. On the Party Financial Asset object, encrypt the OwnershipStartDateTime, ValuationDateTime, Description, SerialNumber, MakeName, ModelName, and ModelYear fields. On the Party Financial Asset Lien object, encrypt the Lien Holder and Maturity Date fields.

Identify Instanced Hostname Redirections

To help you identify hard-coded instanced URLs, the SOURCE_HOSTNAME field on the Hostname Redirects event type now tracks redirections for these URLs. For example, if your Salesforce instance is IND76, legacy instanced hostnames include ind76.salesforce.com, ind76.lightning.force.com, and MyDomainName--c.ind76.content.force.com. Redirections for legacy My Domain hostnames stop in Winter ’25. Previously, the HOSTNAME_REDIRECT field only tracked redirections from My Domain hostnames that didn’t contain an instance name.

Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions. The Hostname Redirects event is available in the API but not in the Event Monitoring Analytics app. This event is free for all customers with a 24-hour data retention period.

How: First, enable redirection logging. From Setup, in the Quick Find box, enter My Domain, and then select My Domain. In the Redirections section, click Edit. Select Log Redirections, and save your changes.

https://help.salesforce.com/s/articleView?id=release-notes.rn_security_em_log_instanced_redirections.htm&release=250&type=5
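
Added example, not part of the Salesforce release notes: one way to review a downloaded Hostname Redirects log for hard-coded instanced URLs is to count the SOURCE_HOSTNAME values that carry your instance name as a whole DNS label. Only the SOURCE_HOSTNAME column name comes from the text above; the TIMESTAMP column, the function name, and every sample row are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample rows. Only the SOURCE_HOSTNAME column name comes from the
# release note; the TIMESTAMP column and all values are illustrative.
SAMPLE_CSV = """TIMESTAMP,SOURCE_HOSTNAME
20240601120000.000,ind76.salesforce.com
20240601120105.000,IND76.lightning.force.com
20240601120210.000,MyDomainName--c.ind76.content.force.com
20240601120315.000,mydomainname.my.salesforce.com
20240601120420.000,wind76.example.com
20240601120525.000,ind76.salesforce.com
20240601120630.000,
"""


def instanced_redirects(csv_text, instance):
    """Count redirects whose source hostname has the instance name as a DNS label."""
    reader = csv.DictReader(io.StringIO(csv_text))
    if "SOURCE_HOSTNAME" not in (reader.fieldnames or []):
        raise ValueError("log has no SOURCE_HOSTNAME column")
    wanted = instance.strip().lower()
    hits = Counter()
    for row in reader:
        # Hostnames are case-insensitive; also drop a trailing root dot.
        host = (row["SOURCE_HOSTNAME"] or "").strip().lower().rstrip(".")
        if not host:
            continue  # row logged without a source hostname
        # Match whole labels only, so "wind76" is not mistaken for "ind76".
        if wanted in host.split("."):
            hits[host] += 1
    return hits


if __name__ == "__main__":
    # Most frequently redirected instanced hostnames first.
    for host, count in instanced_redirects(SAMPLE_CSV, "IND76").most_common():
        print(f"{count:4d}  {host}")
```

The hostnames at the top of the output are the ones still referenced by bookmarks, integrations, or hard-coded links, and are the first candidates to update before redirections stop.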

Track Network Performance Metrics

To maximize the efficiency of your applications, capture detailed network performance metrics with the new UI Telemetry Timing events. Use the Resource Timing event log file type to measure how long a browser takes to load specific application resources from a remote server. Use the Navigation Timing event log file type to track metrics related to page navigation, such as how long a browser takes to construct a page’s Document Object Model (DOM).

Where: This change applies to Lightning Experience in Enterprise, Performance, Unlimited, and Developer editions where Event Monitoring is enabled. The events are available in the API and in the Event Log Browser, but not in the Event Monitoring Analytics app.

Who: This change is available to customers who purchased Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.

https://help.salesforce.com/s/articleView?id=release-notes.rn_security_em_ui_telemetry_timing.htm&release=250&type=5

Download Up to 1 Year of Event Log Files

Adjust your event log file data retention period and download up to 1 year of event log file data in case of a security incident.

Where: This change applies to Lightning Experience and Salesforce Classic (not available in all orgs) in Enterprise, Performance, and Unlimited editions where Event Monitoring is enabled.

Who: This change is available to customers who purchased Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.

How: From Setup, in the Quick Find box, enter Event Monitoring Settings and then select Event Monitoring Settings. Enable the Retain event log files setting. Then, to specify the number of days to retain your data, use the eventLogRetentionDuration field on the EventSettings Metadata API type.

https://help.salesforce.com/s/articleView?id=release-notes.rn_security_em_download_elf.htm&release=250&type=5

Access and Download Event Log File Data with the Event Log File Browser (Generally Available)

Get easy access to all of your Event Log File data by using the Event Log File Browser directly in Setup without the need for third-party tools.

Where: This change applies to Lightning Experience in Enterprise, Performance, Unlimited, and Developer editions where Event Monitoring is enabled.

How: From Setup, in the Quick Find box, enter Event Log File Browser and then select Event Log File Browser. To download event log file data, select a date range and, from the dropdown list next to the event log file, select Download as CSV File.

https://help.salesforce.com/s/articleView?id=release-notes.rn_security_em_elf_browser.htm&release=250&type=5

Query Low-Latency Event Data with Event Log Objects (Beta)

Store and query all of your event data via the API with the new event log object framework (beta) that captures event data in standard objects.

Where: This change applies to Lightning Experience and Salesforce Classic (not available in all orgs) in Enterprise, Performance, and Unlimited editions where Event Monitoring is enabled.

When: Event log objects (beta) won’t be functional for US East Hyperforce customers until at least June 2024.

Who: This change is only available to a subset of US East Hyperforce customers who purchased the Salesforce Shield or Salesforce Event Monitoring add-on subscriptions.

How: Access Event Log Objects via the API or through CRM Analytics.

https://help.salesforce.com/s/articleView?id=release-notes.rn_security_em_event_log_objects.htm&release=250&type=5

Event Monitoring

Explore and download all of your event log file data using the Event Log File Browser in Setup. Tailor your event log file data retention period to your needs, up to 1 year. Store and query all of your event data via the API by using Event Monitoring’s Event Log Objects (beta). Capture detailed network performance metrics with the new UI Telemetry Timing events. Track redirections for your instanced URLs.

  • Query Low-Latency Event Data with Event Log Objects (Beta)
    Store and query all of your event data via the API with the new event log object framework (beta) that captures event data in standard objects.
  • Access and Download Event Log File Data with the Event Log File Browser (Generally Available)
    Get easy access to all of your Event Log File data by using the Event Log File Browser directly in Setup without the need for third-party tools.
  • Download Up to 1 Year of Event Log Files
    Adjust your event log file data retention period and download up to 1 year of event log file data in case of a security incident.
  • Track Network Performance Metrics
    To maximize the efficiency of your applications, capture detailed network performance metrics with the new UI Telemetry Timing events. Use the Resource Timing event log file type to measure how long a browser takes to load specific application resources from a remote server. Use the Navigation Timing event log file type to track metrics related to page navigation, such as how long a browser takes to construct a page’s Document Object Model (DOM).
  • Identify Instanced Hostname Redirections
    To help you identify hard-coded instanced URLs, the SOURCE_HOSTNAME field on the Hostname Redirects event type now tracks redirections for these URLs. For example, if your Salesforce instance is IND76, legacy instanced hostnames include ind76.salesforce.com, ind76.lightning.force.com, and MyDomainName--c.ind76.content.force.com. Redirections for legacy My Domain hostnames stop in Winter ’25. Previously, the HOSTNAME_REDIRECT field only tracked redirections from My Domain hostnames that didn’t contain an instance name.

https://help.salesforce.com/s/articleView?id=release-notes.rn_security_em.htm&release=250&type=5

Salesforce Shield

Encrypt more Nonprofit Cloud data. Net Zero Cloud objects are compatible with Field Audit Trail. Event Log File Browser is generally available for easy access to event log files right from Setup. And say goodbye to third-party tools for digging into event logs. Event Monitoring’s new event log object framework (beta) captures event data in standard objects that support direct queries via API.

  • Event Monitoring
    Explore and download all of your event log file data using the Event Log File Browser in Setup. Tailor your event log file data retention period to your needs, up to 1 year. Store and query all of your event data via the API by using Event Monitoring’s Event Log Objects (beta). Capture detailed network performance metrics with the new UI Telemetry Timing events. Track redirections for your instanced URLs.
  • Field Audit Trail
    Add Net Zero Cloud objects to your Field Audit Trail retention policies.
  • Shield Platform Encryption
    Encrypt more Grantmaking Compliant Data Sharing records data. Gather statistics and apply active keys to data with fewer timeouts. Bring Your Own Key pages are compatible with assistive technologies. 

https://help.salesforce.com/s/articleView?id=release-notes.rn_security_shield.htm&release=250&type=5

Permission Requirements for the Consent Event Stream Are Enforced

To receive notifications via the Consent Event Stream, users need either the ReadAllData or the PrivacyDataAccess permission assigned to them. Previously, this requirement was documented but not enforced. To resolve any disruptions that your users experience as a result of this change, assign one of the applicable permissions to them.

Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.

Who: This change impacts users who received notifications via the Consent Event Stream without having the documented permissions assigned to them. Notifications are interrupted for those users.

How: To re-enable Consent Event Stream notifications, assign users the ReadAllData or PrivacyDataAccess permission with permission sets or profiles (can be outdated or unavailable during release preview).

https://help.salesforce.com/s/articleView?id=release-notes.rn_security_privacy_consent_event_stream_permissions.htm&release=250&type=5

UI Text and Functionality Improvements in Privacy Center

To improve the user experience in Privacy Center, we updated the user interface text in several places. We also changed the behavior of two privacy policy filter operators.

Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.

How:

  • Review these changes in filter conditions for privacy policies.
    • The is before operator was renamed to: is within the last. This operator captures records whose date field is within a specified number of days before the policy execution date. For example, if the specified number of days is 45, then matching records need a date field that’s within 45 days before the policy execution date. The new functionality better serves customer use cases.
    • The is after operator was renamed to: is beyond the last. This operator captures records whose date field is beyond a specified number of days before the policy execution date. For example, if the specified number of days is 45, then matching records need a date field that’s more than 45 days before the policy execution date. The new functionality better serves customer use cases.
    • The Number of Days field was renamed to: Number of Days Relative to Policy Execution Date. This change clarifies the field’s meaning.
    • The Preview field was renamed to: Summary. Additionally, we inserted a disclaimer that this field’s content is for informational purposes and isn’t valid Salesforce Object Query Language (SOQL).
  • When a user applies the Permanently delete records setting to a privacy policy, a warning banner alerts the user about the setting’s risks. This change helps customers avoid accidental data loss.
  • When a user cancels an in-progress job for a privacy policy, Salesforce prompts them to confirm the action with a warning. Canceling in-progress jobs can cause some records to be modified or unrecoverable. The updated warning message clarifies these risks.

https://help.salesforce.com/s/articleView?id=release-notes.rn_security_privacy_ui_changes.htm&release=250&type=5