we are committed to delivering innovative solutions that drive growth and add value to our clients. With a team of experienced professionals and a passion for excellence.

Follow us

Health Check Email Notifications – Proactive Security Monitoring

Health Check Email Notifications – Proactive Security Monitoring

Images
Authored by
Nitish Jadhav
Date Released
June 30, 2026
Comments
No Comments

INTRODUCTION

Salesforce Health Check is one of the org’s most important tools—it monitors security configuration, identifies risks, and provides recommendations for improvement. Yet it’s also one of the most neglected. Admins forget to check it regularly. Security scores decline silently. Risks accumulate unnoticed. Then an audit happens and suddenly everyone’s scrambling to address security issues that have been known for months.

Spring ’26 addresses this problem with automatic Health Check email notifications. When security scores drop, admins are automatically notified. No more remembering to check. No more discovering problems during audits. Proactive monitoring becomes effortless.

This post explores what Health Check notifications do, why proactive monitoring matters, and how to set them up properly.


THE HEALTH CHECK PROBLEM

Why Manual Monitoring Fails

What Health Check Does

Purpose:
Health Check is Salesforce’s diagnostic tool that monitors org security configuration and provides recommendations for improvement.

What It Monitors:

  • Password policies
  • Two-factor authentication adoption
  • API security
  • Login security
  • Session management
  • Encryption settings
  • Field-level access
  • Custom code quality
  • Setup best practices
  • Overall security posture

How It Scores:

Health Check produces:

– Overall Security Score (0-100%)

– Risk Level (Good, Warning, Poor)

– Detailed recommendations for improvement

– Category breakdowns (Password Security, Login Security, etc.)

The Problem: Manual Checking

How It Works (Before Spring ’26):

Admin must:

  1. Navigate to Setup → Health Check
  2. View current score
  3. Compare to previous score (mentally, usually)
  4. Identify changes
  5. Review recommendations
  6. Decide what to fix
  7. Remember to do this regularly

Problems with Manual Approach:

Problem 1: Easy to Forget

  • No reminder
  • Busy admin forgets
  • No alert when score drops
  • Issues go undetected for weeks/months

Problem 2: Reactive Not Proactive

  • Admin only finds problems if checking
  • Usually discovers during audit
  • Last minute scramble to fix
  • Risk exposure period long

Problem 3: Inconsistent Monitoring

  • Some months checked regularly
  • Other months forgotten
  • No consistent baseline
  • Trend tracking missed

Problem 4: Hidden Issues

  • Security gaps accumulate
  • Admin unaware
  • Audit discovers problems
  • Credibility damage
  • Rushed remediation

Real Scenarios Where This Matters

Scenario 1: Gradual Security Decline

Month 1: Score 85% (Good)

Month 2: Score 80% (Warning)

Month 3: Score 75% (Warning)

Month 4: Score 70% (Poor)

Month 5: Score 65% (Poor)

Month 6: Audit happens

 

Admin unaware of decline

Multiple issues found during audit

Last-minute fixes

Audit findings unfavorable

Scenario 2: Compliance Audit

Compliance officer: “What’s your org security score?”

Admin: “Let me check…”

Admin navigates to Health Check

Score is 62% (Poor)

Admin embarrassed

Issues found during audit

Compliance concerns raised

Scenario 3: Security Incident

Org has minor security issue

Health Check flagged it 2 months ago

Admin never checked

Issue lingered

Issue exploited

Incident occurs

Post-incident review: “Health Check warned about this”


THE HEALTH CHECK NOTIFICATION FEATURE

Spring ’26 Solution

What Health Check Notifications Do

Core Capability:
Automatically email admins when Health Check score drops.

Trigger:
Score changes significantly (threshold configurable):

If current score < previous score:

→ Email notification sent

→ To configure recipients

→ With score details

→ With recommendations

Notification Content:

Email Subject: “Salesforce Health Check Alert – Score Decreased”

Email Body:

– Previous score: 85%

– Current score: 80%

– Risk level: Warning

– Key areas affected:

  – Login Security (dropped 10%)

  – Password Policy (dropped 5%)

– Recommendations for improvement

– Link to Health Check dashboard

– Call to action: Review and remediate

Configuration

How to Enable:

  1. Go to Setup → Health Check
  2. Look for “Email Notification” section
  3. Toggle enable/disable
  4. Add notification recipients
  5. Save

Who Gets Notified:

Can add:

– Specific admin by username/email

– Multiple recipients

– Distribution lists

– Admin groups

– Custom recipients

Frequency:

Notification sent:

– When score drops below threshold

– Not every minor change

– Only significant declines

– Prevents notification overload


SETTING UP NOTIFICATIONS PROPERLY

Heading: Implementation Best Practices

Step 1: Enable Notifications

In Health Check:

  1. Navigate to Setup → Health Check
  2. Find “Email Notification” section
  3. Click toggle to enable
  4. Confirm enablement

Step 2: Configure Recipients

Who Should Get Notified:

Definitely Include:

  • Primary Salesforce Admin
  • Org Security Officer (if exists)
  • System Administrator responsible for compliance

Possibly Include:

  • Secondary admin (backup)
  • Security team manager
  • Compliance officer
  • CIO or IT director

How to Add:

In notification recipients field:

– Type user name or email

– Click Add

– Repeat for each recipient

– Save configuration

Step 3: Test Configuration

Before Production:

  1. Create test scenario (sandbox or scratch org)
  2. Deliberately drop score (disable security feature)
  3. Verify notification sent
  4. Check email arrives
  5. Verify content readable
  6. Confirm link to Health Check works

Step 4: Document Configuration

Create Record:

Health Check Notifications Setup

Enabled: Yes

Recipients: 

  – admin@company.com

  – security@company.com

Notification threshold: Score drops X%

Last reviewed: [Date]

Next review: [Date]

Purpose:

  • Audit trail
  • Know who’s notified
  • Know configuration
  • Easy to update

RESPONDING TO NOTIFICATIONS

What to Do When You Receive an Alert

When Notification Arrives

Step 1: Review the Alert

Email contains:

  • Previous score vs current score
  • Categories affected
  • Risk assessment
  • Specific recommendations
  • Link to Health Check dashboard

Initial Review:

  • Understand what changed
  • Note severity
  • Identify areas affected
  • Plan response time

Step 2: Navigate to Health Check

In Setup:

  1. Go to Setup → Health Check
  2. View current score
  3. Review recommendations
  4. Understand specific issues
  5. Identify fixes needed

Step 3: Analyze Issues

For Each Area with Lower Score:

  • Understand the issue
  • Identify root cause
  • Determine fix required
  • Estimate effort
  • Schedule remediation

Step 4: Plan Remediation

For Each Issue:

Issue: Two-Factor Authentication adoption only 60%

Fix: Require 2FA for all users

Timeline: 2-week rollout with communication

Owner: Security admin

Approval needed: CIO

Communication: User email before enforcement

Step 5: Execute and Track

After Fixing:

  1. Implement fix
  2. Verify change in Health Check
  3. Monitor score improvement
  4. Document resolution
  5. Prevent regression

Step 6: Re-Check and Follow Up

After Remediation:

Issue fixed

Health Check score re-checked

Score improved

Document resolution

Monitor for regression

Plan next check


WHAT TO LOOK FOR IN HEALTH CHECK SCORES

Understanding Key Metrics

Critical Areas

Password Policies:

  • Minimum password length
  • Complexity requirements
  • Password history
  • Password expiration

Two-Factor Authentication:

  • Adoption rate (aim for 100%)
  • Enforcement for all users
  • Backup authentication methods

Session Management:

  • Session timeouts
  • Concurrent session limits
  • Remember me control

API Security:

  • API token expiration
  • OAuth token settings
  • Remote access policies

Encryption:

  • Field-level encryption
  • Transmission encryption
  • Certificate settings

Common Issues

Issue 1: Low 2FA Adoption

Health Check: “2FA adoption only 60%”

Action: Communicate requirement, enforce gradually

Timeline: 4-week rollout

Expectation: 90%+ adoption

Why: Prevents account compromise

Impact: Major security improvement

Issue 2: Password Policy Weak

Health Check: “Password requirements below recommended”

Action: Update password policies

Changes: Increase length, add complexity, set expiration

Timeline: Immediate, communicate in advance

Why: Prevents brute force attacks

Impact: Moderate security improvement

Issue 3: Session Timeout Long

Health Check: “Session timeout 2 hours”

Action: Reduce to 30 minutes

Trade-off: Impacts user convenience

Timeline: Gradual reduction

Why: Limits unauthorized access

Impact: Moderate security improvement


FINAL THOUGHTS

Health Check email notifications are exactly what they appear to be: a quality-of-life improvement for admins. But quality-of-life improvements often have outsized importance. Small features that remove friction create big behavioral changes.

Before notifications, checking Health Check was optional and easily forgotten. After notifications, admins have no excuse—issues are brought to attention automatically. Proactive monitoring becomes the default behavior instead of a nice-to-have.

The security benefit is real. Issues caught early are solved cheaply. Issues discovered during audits are solved expensively. Automatic notifications shift the balance toward early detection.

For any Salesforce admin, enabling Health Check notifications is a zero-effort decision with disproportionate benefit. Takes five minutes to set up. Provides months of automatic security monitoring. Prevents audit surprises. Enables proactive risk management.

More broadly, it exemplifies Salesforce’s approach to platform improvement: identify friction points in admin workflows and remove them. Make the right thing (security monitoring) the path of least resistance. Let automation handle what shouldn’t require manual effort.

If you haven’t enabled Health Check notifications, consider it a must-do. If you have, make sure the right people are subscribed. Either way, use the notifications as a trigger for action, not just information. Health Check scores matter. When they drop, something has changed and deserves investigation.

 

Leave a Reply

Your email address will not be published. Required fields are marked *