Stabilize the Hostname for My Domain URLs in Sandboxes (PreviouslyReleased Critical Update)

We’re removing instance names from MyDomain URLs for sandboxes. The instance name identifies
where your Salesforce sandbox org is hosted. Removing the instance name makes the URL cleaner and
easier for users to remember, for example, MyDomain–SandboxName.my.salesforce.com replaces
MyDomain–SandboxName.cs5.my.salesforce.com. This critical update was first made available in
Summer ’18.
https://help.salesforce.com/s/articleView?id=release-notes.rn_security_domains_stabilize_mydomain_cruc.htm&release=224&type=5

Salesforce Shield: Platform Encryption: Insurance Fields, Settings viaMetadata API, and Skinny Tables for Deterministic Encryption (GenerallyAvailable)

Not only can you encrypt more data with Shield Platform Encryption, but you can manage your
encrypted data and settings more efficiently. Encrypt insurance fields and sync data to all fields and files
using the background encryption service. Enable Shield Platform Encryption settings in your scratch orgs
right from Metadata API. Get better filtering results on encrypted data with skinny table support for
deterministic encryption (generally available).
https://help.salesforce.com/s/articleView?id=release-notes.rn_security_pe.htm&release=222&type=5

Salesforce Shield: Event Monitoring: General Availability of Real-Time EventMonitoring and Enhanced Transaction Security, Legacy Transaction Security Retiring

Keeping a close eye on what’s happening in your org is easier with the new Real-Time Event Monitoring
feature, which is now generally available. Want to store the event data so that you can examine it in
more detail later? You now have six months to do it. With Enhanced Transaction Security, you can create
actions that trigger for any standard or custom object. We recommend that you start creating these
enhanced policies right away because we are retiring the legacy transaction security framework in the
future. Use the new Apex interface for asynchronous coding in your policies.
https://help.salesforce.com/s/articleView?id=release-notes.rn_security_em.htm&release=226&type=5

Salesforce – Other Security Changes: Salesforce Edge, Setup Enhancements, TLS 1.2 Enforcement, and Instanceless Sandboxes

We’re moving customers with My Domains and Custom Domains to Salesforce Edge. The Domains
Setup page now shows more details, and new session-security-level policies control access to certain
Setup pages and objects. TLS 1.2 is required for all HTTPS connections, and instance names are
scheduled to be removed from My Domain sandbox URLs
https://help.salesforce.com/s/articleView?id=release-notes.rn_security_other_changes.htm&release=222&type=5

Salesforce – Route My Domains Through Salesforce Edge (Critical Update)

We’re accelerating domain requests for My Domains. With this update, you keep the same My Domain
address, but requests go through Salesforce Edge. Salesforce Edge uses machine-learning technology to
improve connectivity and performance. You can acknowledge this update to let Salesforce move your
org’s My Domain to the new service before the July 2020 auto-activation date.
https://help.salesforce.com/s/articleView?id=release-notes.rn_security_route_edge_my_domain_cruc.htm&release=224&type=5

Salesforce – Speed Up Custom Domain Requests Through Salesforce Edge

Behind the scenes, we’re accelerating requests for Custom Domains by moving them to Salesforce Edge.
This move improves performance through machine learning. You don’t need to do anything for this
move. Keep using the same Custom Domain addresses for your Sites and Communities, and we’ll do the
rest.
https://help.salesforce.com/s/articleView?id=release-notes.rn_security_route_my_domain_edge_cruc.htm&release=226&type=5

Salesforce – Manage Access to Permission Sets, Profiles, and Password Resets withSession-Security-Level Policies

Require that users have a high-assurance session level before accessing certain Setup pages or objects.
You can even completely block users for some sensitive operations. Manage access to permission sets,
profiles, password resets, data export, and Health Check by modifying session-security-level policies.
https://help.salesforce.com/s/articleView?id=sf.security_auth_require_ha_session.htm&type=5

Salesforce – Require TLS 1.2 for HTTPS Connections (Critical Update, Enforced)

Require TLS 1.2 for HTTPS Connections was a critical update in Summer ’19 and is enforced in Winter ’20
on October 25, 2019. To maintain the highest security standards and promote the safety of your data,
Salesforce is disabling the older Transport Layer Security (TLS) 1.1 encryption protocol. All inbound
connections to or outbound connections from your Salesforce org must use TLS 1.2. Verify that your
browser access, API integrations, and other Salesforce features are compliant with TLS 1.2.
https://help.salesforce.com/s/articleView?id=release-notes.rn_networks_tls_cruc_enforced.htm&release=222&type=5

Salesforce – Stabilize the Hostname for My Domain URLs in Sandboxes (Previously Released Critical Update)

We’re removing instance names from MyDomain URLs for sandboxes. The instance name identifies
where your Salesforce sandbox org is hosted. Removing the instance name makes the URL cleaner and
easier for users to remember, for example, MyDomain–SandboxName.my.salesforce.com replaces
MyDomain–SandboxName.cs5.my.salesforce.com. This critical update was first made available in
Summer ’18. https://help.salesforce.com/s/articleView?id=release-notes.rn_security_domains_stabilize_mydomain_cruc.htm&release=224&type=5