
Prepare for Step-up Authentication in Anomalous Report Export

Publish Date: May 5, 2026
Description

To further mitigate data exfiltration risks, Salesforce is deploying a dynamic security control for UI report actions. When Salesforce detects significant deviations in a user's activity when running or viewing reports in Salesforce, the user must complete step-up Multi-Factor Authentication (MFA) to proceed.

For more info on the roadmap of upcoming targeted Security changes for the Salesforce Platform, see: Security-Related Product Updates to the Salesforce Platform.

Why Is Salesforce Making This Change

Report Exports and large data queries are primary vectors for unauthorized data exfiltration. By leveraging machine learning to detect behavioral anomalies in near real-time, Salesforce can block potentially malicious exfiltration attempts by unauthorized actors before the data leaves the org.

When Does This Change Take Effect

  • Sandboxes: Starting June 22, 2026
  • Production: Starting July 13, 2026

Note: Salesforce rolls this change out via a gradual activation plan, starting with a report-only mode before full auto-containment actions.

Who's Affected

  • All Salesforce users who access reports in sandbox and production orgs.

What to Expect

Most users will experience no change to their daily workflow. 

However, if Salesforce detects anomalous behavior, the user sees these changes.

  • UI Sessions: The user is presented with a Step-up MFA challenge on their next sensitive action (e.g., report export), even if they have recently completed Step-up MFA.

Note: If the user has not registered a Salesforce MFA verifier and lacks a valid email address or phone number, they will be unable to complete the Step-up MFA challenge on their next sensitive action (e.g., report export) and will be blocked from proceeding.

Resolution

Before Enforcement: How to Prepare

  • Review User Configuration: To ensure a smooth transition, confirm that all users, particularly those who use Single Sign-on (SSO), have configured at least one of these verification methods: a supported MFA verification method registered with Salesforce, a current email address, or an SMS mobile phone number registered to their login.

After Enforcement: Resolve Errors

  • Failed Step-up Challenges: If a user can't complete the Step-up challenge, the user is denied access to the sensitive operation. Ensure that users have access to their MFA verification methods, registered email, or SMS phone number.

Common Questions

Is this a mandatory feature?

The control is mandatory for all users accessing Salesforce reports in sandbox and production orgs.

Does this new model cover all data exfiltration activities?

The current focus for the model is on UI-related report downloads.

 

Change Log

Date | Change
May 5, 2026 | Initial publication

 

Knowledge Article Number

005321567

 