Health Check is a Salesforce Setup tool that scores your org's security posture against the Salesforce Baseline Standard (or a custom baseline you define). You'll find it under Setup -> Health Check.
It compares your Session Settings, Password Policies, Network Access, Login Hours, and various security defaults against best-practice values, and gives you a score (0-100) plus a remediation list — "your password expiry is 365 days but baseline is 90, so this contributes -3 points; click Fix to update".
Categories of checks:
- Session Settings — timeout, lock IP, secure-only cookies.
- Password Policies — minimum length, complexity, expiry, reuse.
- Login IP Ranges — too-permissive ranges flagged.
- Network Access — restrictive IP ranges encouraged.
- Identity Verification — MFA configuration, identity-confirmation rules.
- Remote Site Settings — too-permissive entries flagged.
How admins use it:
- Run it monthly. Track score over time.
- Whenever you change a session/password/network setting, re-run.
- After enabling Salesforce Shield or new platform features, re-check.
- Customize the baseline if your org needs different settings (e.g., longer session timeout for kiosk-mode users).
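One way to act on the "track score over time" and "re-run after a change" advice, as an added example that is not part of the original page: compare two saved Health Check snapshots and list what regressed, what was fixed, and what is still open. It assumes the snapshots were exported from the Tooling API objects SecurityHealthCheck and SecurityHealthCheckRisks; the sample rows, setting names, RiskType strings and the helper names are constructed for illustration.

```python
# Assumed source of each snapshot (Tooling API queries):
#   SELECT Score FROM SecurityHealthCheck
#   SELECT RiskType, Setting, SettingGroup, OrgValue, StandardValue
#     FROM SecurityHealthCheckRisks
COMPLIANT = "MEETS_STANDARD"  # assumed RiskType for a setting that meets the baseline


def row(group, setting, risk, org, std):
    """Build one risk record shaped like a SecurityHealthCheckRisks row."""
    return {"SettingGroup": group, "Setting": setting, "RiskType": risk,
            "OrgValue": org, "StandardValue": std}


# Constructed sample data, not taken from a real org.
LAST_MONTH = {"score": 78, "risks": [
    row("PasswordPolicies", "Password expiry", "MEDIUM_RISK", "365 days", "90 days"),
    row("PasswordPolicies", "Minimum password length", "MEDIUM_RISK", "5", "8"),
    row("SessionSettings", "Session timeout", COMPLIANT, "2 hours", "2 hours"),
]}
THIS_MONTH = {"score": 74, "risks": [
    row("PasswordPolicies", "Password expiry", COMPLIANT, "90 days", "90 days"),
    row("PasswordPolicies", "Minimum password length", "MEDIUM_RISK", "5", "8"),
    row("SessionSettings", "Session timeout", "HIGH_RISK", "12 hours", "2 hours"),
]}


def compare(previous, current):
    """Diff two snapshots keyed on (SettingGroup, Setting)."""
    before = {(r["SettingGroup"], r["Setting"]): r for r in previous["risks"]}
    report = {"score_delta": current["score"] - previous["score"],
              "regressed": [], "fixed": [], "still_open": []}
    for r in sorted(current["risks"], key=lambda r: (r["SettingGroup"], r["Setting"])):
        key = (r["SettingGroup"], r["Setting"])
        old = before.get(key)
        old_ok = old is None or old["RiskType"] == COMPLIANT
        now_ok = r["RiskType"] == COMPLIANT
        if now_ok and not old_ok:
            report["fixed"].append(key)
        elif not now_ok and old_ok:
            # Includes settings that were not present in the earlier snapshot.
            report["regressed"].append(key)
        elif not now_ok:
            report["still_open"].append(key)
    return report


if __name__ == "__main__":
    for name, value in compare(LAST_MONTH, THIS_MONTH).items():
        print(f"{name}: {value}")
```

A negative score delta with a non-empty "regressed" list is the case worth alerting on, since it points at a setting change made since the last run.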
Health Check doesn't catch everything — it's a baseline checklist, not a full security audit. Don't mistake "Health Check 100" for "we're secure". You still need permission audits, sharing audits, and Event Monitoring review for a complete picture.
Practical tip: Health Check can be a quick win for an admin inheriting an org. Running it on day one often surfaces 5-10 easy fixes.
