Salesforce News Roundup: July 13, 2026
ML export anomaly detection and a default Transaction Security Policy go live in production today, while Salesforce discounts Starter Suite 70% to slow the SMB drift toward vibe-coded CRMs.

Salesforce flipped two more report-security switches to full production enforcement this morning, and it is simultaneously offering 70% off Starter Suite to keep small businesses from defecting to AI-built CRMs. Two unrelated stories, one date: July 13, 2026, and both belong on your Monday list.
Anomaly Detection and Default Transaction Security Policies Are Now Live in Production
If you have followed our coverage since May, you know the shape of this year: Salesforce is rolling out a multi-month wave of security enforcement, and the report export surface has taken most of the fire. Step-up authentication for report exports reached full production enforcement on July 1, after a botched late-May rollout that fired on every report view instead of just exports and generated the loudest admin backlash of the year. That got patched to export-only, and the wave kept moving.
Today, two more controls crossed from preview into active production enforcement.
The first is ML-based anomalous export detection. Salesforce has been running this model in report-only mode since around June 22, meaning it watched and logged but blocked nothing. The three-week observation window existed so the model could build per-user baselines without disrupting anyone. As of today it enforces. The model learns each user's normal report behavior: which reports they open, when, how often, how many records they touch, and what their export patterns look like. When activity deviates from that learned baseline, the user gets a step-up authentication challenge, and here is the part that will generate help desk tickets: the challenge fires even if the user is inside their normal step-up authentication window. A user who typically views three small reports at 9am and suddenly exports 500,000 rows at 2am gets challenged, full stop. That is the system working as designed. Expect at least one confused Slack message about it this week.
The second change is quieter but arguably more consequential for Shield customers. Transaction Security Policies let admins define real-time responses, such as blocking an action or requiring extra verification, when a specified event occurs; the ReportEvent variety watches report activity. Starting today, any org with Salesforce Shield or Event Monitoring that has not created its own qualifying ReportEvent Transaction Security Policy gets a default one, auto-created by Salesforce. The default policy triggers on report exports exceeding 10,000 records. Orgs that wanted a custom threshold, or a different action when the policy fires, had until today to author their own. If your org did not, you now have Salesforce's default governing large exports whether anyone on your team planned for it or not. There was fair warning in the Help documentation, but "fair warning" and "someone on your team actually read it" are different things.
One more date matters for context. MFA enforcement for all internal users (those without the waiver permission) resumes its production rollout on July 20, on a staggered 15-day window. Salesforce paused that enforcement in late June after a bug in the phishing-resistant enrollment flow wrongly prompted some users with existing security keys to re-register. The pause only covered the all-employee rollout. Phishing-resistant MFA for privileged and admin users shipped to production on July 1 as originally scheduled.
Step back and count. May 27, step-up authentication ships. June 3, sandbox enforcement. July 1, production step-up plus privileged MFA. July 13, anomaly detection plus the default Transaction Security Policy. July 20, all-employee MFA resumes. That is four or five enforcement deadlines in roughly seven weeks, depending on how you count. If your team is not maintaining a running calendar of these dates, something on this list is going to surprise you, and the surprise will arrive as a locked-out executive or a blocked quarter-end export. None of these controls is unreasonable on its own. The pace is the problem, and the pace is not slowing down.
What to do this week
Three concrete moves, in priority order:
- Audit your Transaction Security Policies. If your org has Shield or Event Monitoring, check whether you already had a custom ReportEvent Transaction Security Policy in place. If not, you have a new default policy as of today, triggering on exports over 10,000 records. Decide whether that threshold and its behavior fit your org. If they do not, author a custom policy now rather than after it blocks someone.
- Brief your heavy report users. Anyone who runs large or off-hours exports should know that unusual volume or unusual timing may now trigger a step-up challenge, even mid-session. Tell them it is expected behavior, not a bug, before they file the ticket.
- Mark July 20. The resumed all-employee MFA rollout starts then on a staggered 15-day window. If you have internal users who still have not enrolled, this is your last quiet week.
The 70% Starter Suite Discount Is a Defensive Move, and Everyone Knows It
Salesforce Ben's Sasha Semjonova reported today that Salesforce is offering 70% off Starter Suite with promo code STARTER70, valid through July 31, 2026. Starter Suite normally runs $25 per user per month; the discount brings the effective cost to roughly $90 per user annually, or about $450 a year for a five-person team. The offer targets SMBs, can be stacked with the existing 30-day free trial, and the product covers sales, service, email marketing, commerce, AI assistance, and a bundled Slack workspace.
A 70% cut on an entry-level product is not a routine summer promotion. Vendors do not slash the price of their SMB on-ramp by two-thirds when the funnel is healthy. It is a response to something Salesforce Ben documented on July 7: SMBs are actively leaving Salesforce, and HubSpot, and ServiceNow, for custom software built with AI coding tools like Claude, Replit, and Lovable. The shorthand for these is "vibe-coded" apps, and the reported cost reductions from switching run 40-80%.
The examples are specific enough to sting. Greenleaf Management saved about $100,000 by replacing Salesforce with a custom application built using Replit and Claude Code. Their leadership's explanation was blunt: "Salesforce is super complex... They provide a lot of value, but [we were] only using a little piece of it." Oplign switched from HubSpot to an open-source CRM and reported getting "about 90% of the feature set" at "less than 5% monthly" of their prior cost. Sanofi, a pharma company with a very different budget profile, said it saved millions this year by cutting ServiceNow usage. This is not a fringe experiment anymore.
The trend has credible skeptics. Salesforce Ben's own Technical Author Tim Combridge put it plainly: "I love vibe coding, but it is dangerous, and you shouldn't be doing it." Loka CEO Bobby Mukherjee took the moderate position, saying "ripping them out is still a last resort" and suggesting companies build on top of existing platforms rather than abandon them. Both points are fair. A vibe-coded CRM has no security review, no upgrade path, and no vendor to call when it breaks at 2am. The Greenleaf math still happened, though, and $100,000 buys a lot of tolerance for rough edges.
The deeper problem the discount does not touch is complexity. In a recent survey, 58.6% of Salesforce admins said the platform is becoming increasingly complex, and true enterprise software cost of ownership often runs up to 4x higher than the advertised sticker price once implementation and consultants are counted. That perception is what pushes SMBs toward simpler, self-built alternatives, and a promo code does not change it. David Maxey, Head of AI and Supply Chain Transformation at Stealthmode, made exactly this point to Salesforce Ben: "if they would make a minimum version...using...one of the affordable Frontier models...I think there would be a massive resurgence of SMB and MM business." Price is a symptom. Complexity is the disease, and a genuinely stripped-down product built around a cheap frontier model would treat it more directly than a discount does.
To be fair, Salesforce shows signs of knowing this: the lower-cost Foundations tier exists, and the company acquired the customer service AI firm Fin. But KeyBanc downgraded the stock this month over Agentforce adoption concerns, and a July 6 Salesforce Ben piece skewered the company's habit of renaming products (Pardot to Marketing Cloud Account Engagement, Data Cloud to Data 360, AppExchange to AgentExchange), with co-founder Parker Harris acknowledging the company has "lost its way" on some of this even while insisting "if we don't go all in, we'll go obsolete." A cheaper Starter Suite is a start. It is not the fix.
Is the deal worth taking? If you are an SMB already leaning toward Salesforce, $450 a year for a five-person team is genuinely cheap, and the 30-day trial stacking means you can evaluate the product before the promo window closes on July 31. You get a real CRM with a vendor behind it for less than most teams spend on coffee. If you were leaning toward building your own, the discount probably will not change your math, because your objection was never the sticker price. It was the 4x total cost of ownership and the survey result behind it.
What to Do Next
Security first: open Setup today and check your Transaction Security Policies. If you run Shield or Event Monitoring and never created a ReportEvent policy, confirm what the new default does and decide by Friday whether it stays. Send your report power users a two-line heads-up about anomaly-detection challenges, and put July 20 on the team calendar for the MFA resumption. On the Starter Suite side, if you advise SMB clients or run one, price out STARTER70 against your actual seat count before July 31, and be honest about whether complexity, not cost, is the thing pushing you elsewhere. The discount answers one of those objections. Only one.
About the Author
Dipojjal Chakrabarti is a B2C Solution Architect with 29 Salesforce certifications and over 13 years in the Salesforce ecosystem. He runs salesforcedictionary.com to help admins, developers, architects, and cert/interview candidates sharpen their fundamentals. More about Dipojjal.
Share this article
Sources
- Balancing Security and Agility: Updates to Step-Up Authentication for Reports and Dashboards (Salesforce)
- Prepare for the Upcoming Step-up Authentication Enforcement (Salesforce Help)
- Salesforce Security Enforcement in 2026: Every Change, Date, and What Admins Must Do (Software Insights)
- Salesforce Offers 70% Off Starter Suite Until End of July (Salesforce Ben)
- Salesforce SMB Customers Switch to Vibe-Coded CRMs (Salesforce Ben)
- SMBs Swap Pricey SaaS Contracts for AI-Built Apps (PYMNTS)
- Salesforce Security Roadmap 2026: What's Changing and How to Prepare (Salesforce Ben)
Related dictionary terms
More news

Salesforce Security Enforcement Week
Step-up auth for reports broke things, Salesforce patched mid-enforcement, and the next wave hits sandboxes tomorrow. Here is the current state and what to do before July 1.

Free Agentforce Lands in Singapore
Salesforce switched on free Agentforce and Slack CRM for Singapore SMBs on July 1, 2026. Hours later, Guggenheim upgraded the stock to Buy. Here is what shipped, what it costs once you exceed free, and what to check first.
Comments
No comments yet. Start the conversation.
Sign in to share your take on this article. Your account works across every page.