The AppExchange is Salesforce's marketplace for third-party apps, components, and consulting services. Admins encounter it primarily as the source of installable managed packages — Conga, DocuSign, Geopointe, Apsona, the various data quality tools, and so on.
Before installing any package, an admin should:
- Read the AppExchange listing's security review status. Salesforce-reviewed packages have passed a security audit; unreviewed listings are riskier.
- Install in a sandbox first. Always. Never click Install Now against production from a marketing email.
- Choose the right install audience — Install for Admins Only, Install for All Users, or Install for Specific Profiles. Most managed packages should start as Admins Only.
- Inventory what the package adds: custom objects, custom fields, Apex classes, triggers, flows, profiles, permission sets. Salesforce shows a preview but you should also pull a metadata diff after install.
- Check field/object/code limits. Each managed package counts against your limits (custom objects, custom fields per object, Apex code lines, etc.). A bloated package can push you near caps.
- Plan for upgrades and uninstalls. Read the package's upgrade history. Test the documented uninstall path in sandbox — some packages leave stranded data or orphaned references when removed.
Two related concepts: Unmanaged Packages are open source-style — fully editable in your org but not upgradeable from the publisher. Unlocked Packages are a Salesforce DX construct for internal modular distribution.