Running Health Check is straightforward: open the page, read the score, and click Fix Risks on the settings that diverge from the baseline. The work is on the consumption and remediation side. Run it quarterly at minimum, monthly for compliance-heavy orgs.
- Open Health Check
In Setup, enter Health Check in Quick Find, then click the link under Security. The page renders the current score, the baseline comparison, and the list of At Risk and High Risk settings.
- Review the score and the category breakdown
The top of the page shows the overall score. Below it, the score is broken down by category. Identify the lowest-scoring categories, such as Password Policies, Session Settings, or Network Access, and focus remediation there.
- Click Fix Risks on a High Risk setting
Each High Risk setting has a Fix Risks link. Clicking it opens the relevant Setup page with the baseline-recommended value highlighted. Review the recommended value, accept or adjust it, and save.
- Verify the score impact
After saving, return to Health Check. The score updates within a minute. Confirm the setting moved from High Risk to Compliant. If it did not, the saved value does not match the baseline target; re-check.
- Import a Custom Baseline if needed
For compliance-specific targets (HIPAA, PCI DSS), click Import Custom Baseline at the top of the page. Upload the XML file. Switch the active baseline to the custom one. The score recalculates against the new targets.
- Schedule a recurring review
Set a recurring Outlook or Google Calendar reminder for monthly or quarterly Health Check reviews. Salesforce updates the Standard Baseline with each release, so a previously 95 percent org can drift to 85 percent without any settings changing on the org side.
The Salesforce-recommended default set of security settings. Updated each major release. Most orgs use this baseline.
Org-imported XML definition that overrides the standard. Used for industry-specific compliance frameworks (HIPAA, PCI DSS, NIST CSF).
One-click remediation that opens the divergent setting with the baseline value highlighted. Streamlines remediation work.
Trend chart showing the Health Check score across the last 12 months. Used in compliance audits and quarterly security reviews.
Per-category sub-score: Password Policies, Session Settings, Network Access, Certificate Management, Sharing Settings, Login Behaviors.
- The Standard Baseline updates each Salesforce release. A previously 95 percent score can drop to 85 percent without any org-side setting changes. Re-review after each release.
- Health Check measures configuration, not behavior. A high score on MFA does not guarantee every user has enrolled MFA. Cross-check with the MFA enrollment report.
- Custom Baselines require an XML file in the documented format. Importing an invalid file silently fails. Validate against the Salesforce-published schema before uploading.
- Fix Risks does not always pick the most secure value. It picks the baseline-recommended value, which may not be the strictest possible setting. Compliance-driven orgs often go beyond the baseline.
- The score is a snapshot. It does not track whether a setting was loosened temporarily and then re-tightened. Use Setup Audit Trail to confirm temporal changes around the score.
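
The Setup Audit Trail cross-check from the last point, as an added example (not from the original page or from Salesforce): it scans an audit trail export for security settings that were changed and then put back between two Health Check reviews, which a snapshot score cannot show. The column names, the "Changed X from A to B" action wording, the section names and all sample rows are assumptions constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample export. Column names and the "from X to Y" action wording
# are assumptions; adjust both to match the file your org actually downloads.
SAMPLE_CSV = """Date,User,Action,Section
2024-03-04 09:12:00,admin@example.com,Changed session timeout from 2 hours to 12 hours,Session Settings
2024-03-06 17:40:00,admin@example.com,Changed session timeout from 12 hours to 2 hours,Session Settings
2024-03-11 10:05:00,sec@example.com,Changed minimum password length from 8 to 12,Password Policies
2024-03-15 08:30:00,admin@example.com,Changed company address,Company Information
"""

SECURITY_SECTIONS = {"Password Policies", "Session Settings", "Network Access"}
CHANGE_RE = re.compile(r"^Changed (?P<setting>.+?) from (?P<old>.+) to (?P<new>.+)$")

def changes_between(csv_text, start, end):
    """Group parsed security-setting changes in [start, end] by setting name."""
    by_setting = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        when = datetime.strptime(row["Date"], "%Y-%m-%d %H:%M:%S")
        m = CHANGE_RE.match(row["Action"])
        if row["Section"] in SECURITY_SECTIONS and m and start <= when <= end:
            by_setting[m["setting"]].append((when, row["User"], m["old"], m["new"]))
    for events in by_setting.values():
        events.sort()  # chronological order within each setting
    return by_setting

def transient_changes(csv_text, start, end):
    """Settings that ended the window at their starting value but left it in between."""
    findings = []
    for setting, events in changes_between(csv_text, start, end).items():
        first_old, last_new = events[0][2], events[-1][3]
        if len(events) >= 2 and first_old == last_new:
            findings.append({"setting": setting, "baseline_value": first_old,
                             "interim_values": [e[3] for e in events[:-1]],
                             "exposed_for": events[-1][0] - events[0][0]})
    return findings

if __name__ == "__main__":
    last_review, this_review = datetime(2024, 3, 1), datetime(2024, 4, 1)
    for f in transient_changes(SAMPLE_CSV, last_review, this_review):
        print(f"{f['setting']}: left {f['baseline_value']!r} for {f['exposed_for']} "
              f"via {f['interim_values']}")
```

Set the window to the dates of the previous and current Health Check reviews; a one-way change (like the password length row) is not flagged because the score itself already reflects it.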