Activities in Secure That Trigger a Metadata Deployment

This article covers how to deploy custom metadata in Secure.

1. Settings
   1. You can configure both an API version and beta features which the Platform Encryption Analysis jobs run against in the Settings tab. This updates the custom metadata records but requires a deployment to do so.
   2. A Fill Rates process runs either from the Data Classification tab or a Security Insights job. On the Settings tab, you can set the number of recent records for a Fill Rates analysis for an object. This value is stored in the Batch Configuration custom metadata record.
   3. Both of these changes are deployed upon clicking the Apply Changes button.
2. Setup a Multi Org
   1. In Settings, you can connect multiple Child Orgs to one (1) Parent Org. This allows reports on all connected environments within the parent environment. To do this, deploy custom metadata.
      1. In the Child Org, deploy a Connected App which accepts requests from the Parent Org.
      2. In the Parent Org, deploy an Auth Provider which connects to the Connected App in the Child Org.
      3. After deploying the Auth Provider in the Parent Org, deploy a Named Credential which uses the Auth Provider to enable reporting on the Child Org.
3. ​​​​​​​Migration
   1. ​​​​​​​​​​​​​​In the Settings tab, configure both an API version and beta features that the Platform Encryption Analysis jobs run against.
   2. When migrating data from Secure for Shield to Secure, deploy the settings in the Secure for Shield installation to the Secure installation.
4. ​​​​​​​History Retention Policy Management
   1. ​​​​​​​​​​​​​​The History Retention Policy Manager is the front end for History Retention Policies. There is no location to set these within the Salesforce setup menu. A manual deployment is required.
   2. This app provides a place to configure History Retention Policies for each object.
   3. Field History Tracking can be toggled on and off for individual fields from this app.
   4. Either of these actions cause a deployment.
5. ​​​​​​​Visiting Settings, Platform Encryption Analyzer, or Data Classification Tabs After an Install or Upgrade
   1. ​​​​​​​​​​​​​​In the Settings tab, select a ruleset by API version for the Platform Encryption Analyzer to run against.
   2. When you install or upgrade the application, ensure you are selecting the highest Platform Encryption Analysis ruleset that also supports the Org API version.
   3. Examples:
      1. ​​​​​​​​​​​​​​If the Org is at API version 53, and the max PEA supported version is 52, you need to select 52.
      2. If the Org is at API version 52, and the max PEA supported version is 52, you need to select 52.
      3. If the Org is at API version 51, and the max PEA supported version is 52, you need to select 51.
   4. ​​​​​​​​​​​​​​After an install or upgrade, a flag called Installed is set.
   5. If this flag is set to true, the first time you visit the Settings, Platform Encryption Analyzer, or Data Classification tabs, we evaluate which ruleset to select.
   6. This will cause a deployment of the custom metadata.

​​​​​​​