The list of Winter ’20 features below apply to both Salesforce Lightning Experience and Classic.

There are additional Winter ’20 features available to Salesforce Classic only, Lightning Experience only, Community Enhancements, Mobile Enhancements, Other Enhancements in the Winter ’20 Release Highlights post.

Note: These features are not listed in any specific order.

1. Flow Builder Enhancements:
   • Schedule an autolaunched flow! Set a specific date/time or its frequency (once, daily or weekly). Note: There’s an org 24-hour limit for scheduled flow executions at the scheduled start time. The org limit is whichever is greater: 250,000 records or the combined total of 200 records per user license. Check debug logs to see the number of records a flow runs on (look for the FLOW_START_SCHEDULED_RECORDS debug log line). View image full screen
   • Variables are automatically created to store output values when you add a screen component or Get Records flow element. (You can still create them yourself if you want to). In the animated gif, you will see the screen variables and get records variables automatically created. View image full screen
   • Add the ability to lookup a record on a Flow Screen, just like you do everywhere else in Salesforce. Note: For the Field API Name, you must use a API name of a lookup field. View image full screen
   • When you create a resource within a flow element, you no longer need to manual select it after it’s created. FINALLY!!!
   • Make your Flow Screen reflective!
   • Use rich text in the Text Template.
   • The interface shows longer flow element label names, (capability of the old Cloud Flow Designer) selecting certain flow elements and dragging them together across the canvas.
   • Activate or deactivate your flow within Flow Builder.
   • Apex-Defined Data Type Collection Variables now use the full set of operators in the Assignment and Decision flow elements. Previously, it only was able to use to Equals operator.
   • Send custom notifications using Flow Builder.
   • Add LWC (Lightning web components) to flow screens! To make a LWC available for use in a flow screen, lighting__FlowScreen must be a target in the component’s targets tag and IsExposed tag must be set to true. Note: To use Lightning web components, My Domain must be enabled.
   • Desktop Flow Designer or Swing Flow UI goes bye-bye.

2. Process Builder Enhancements: 

• Create a process that will execute when a new account team member.
• Send surveys via email in a process to leads, contacts and users with the Send Survey Invitation action.
• Add a merge field from the platform event message to a process.
• Set up processes that will not publish event messages when transactions fail, unless you want them to.

3. Lightning Flow Data Management Enhancements:

• Enhanced Flow view which shows managed/unmanaged, flow versions, access options. From the list, you can edit the flow details, view and action on flow versions as well as specify flow access by profile. Note: If you created custom flow list views, you will need to recreate them or switch to Classic to use them. View Image Full Screen
• When processes and flows fail, subscribe to the Flow Execution Error Event (FlowExecutionErrorEvent) platform event.
• Restrict a User’s ability to run each flow via profile or permission set. Previously, users with Run Flows, Manage Flows or Flow User permission can run all flows. On the Flows screen, select the down arrow and select ‘Edit Access.’ View Image Full Screen
• (Critical Update) Enable partial save of invocable actions so that if one single invocable action fails, everything is not rolled back and the entire transaction fails.
• Set your flow test coverage, now independent from the org’s 75% code coverage requirement for apex. Note: This only applies when deploying processes and flows as active. This setting only appears in production and not scratch, sandboxes or developer orgs.
• (Critical Update Postponed) Check for Null Record Variables or Null Values of Lookup Relationship Fields in Process and Flow Formulas was postponed to Spring ’20.

4. (Beta) Group perm sets based on user roles using Permission Set Groups for easier user permission management. You can review all combined permissions as well as remove specific permissions from the permission set group using the muting permission set functionality. Note: The muting function will remove the app or system permission from all users assigned to the permission set group, not specific individuals.

1. Current state permission set management: Future state permission set assignment using perm set groups:

This animated gif shows the Marketing Manager permission set group with two perm sets, Addison Dogster is assigned to the permission set group, shows the combined system permissions (of which one of the permissions is create list views) and how we can mute the create list views permission and shows once muted, Addison can no longer create list views.

View Image Full Screen

5. Hard limit on custom objects raised to 3,000 to accommodate custom objects from packages.

6. The “Where is this used?” button on the custom field detail page also lists reports in addition to formula, layout or apex class.

7. Sharing Enhancements:

• When you set “Secure guest user record access” on the Sharing Settings page, this will set the guest user’s OWD to “Private” for all objects.
• (Generally Available) Select a more restrictive access for your external users to more objects, without changing object access for internal users on the Sharing Settings page.
• (Beta) Set external user access to the Lead object.
• During your migration to Enterprise Territory Management, you can retain the original territory sharing records. Upon completion of the migration, use the SharingSettings API type to delete these sharing records.

8. Understand your usage of AppExchange packages by requesting a summary in a .csv file – In Setup, go to Package Usage | Request Summary. Then click on the download link under Usage Summary link. Note: A user needs create access to the App Analytics Query Request. You must refresh the page to see the link appear as there is no email notification that the summary is ready. The link expires in 15 mins.

9. Daylight Savings Time is reflected in DATEVALUE field. Note: In setup, go to Company Information | Locale Settings and check the “Improve DATEVALUE() accuracy for DST.”

10. Use OData Tracer to troubleshoot issues with OData connections with endpoints and test queries that rely on data from external data services. Note: In Setup, go to the External Data Sources page, select the external data source and clock on the “Open OData Tracer.” Then, select the query type and click “Run.”

11. Enable Shield Platform Encryption settings using the Metadata API Boolean fields on the new EncryptionKeySettings and PlatformEncryptionSettings.

12. Filter on deterministic encrypted data on skinny tables. Go to Setup | Advanced Settings and enable “Deterministic Encryption”, then apply the deterministic encryption to the field.

13. (Generally Available) Create Transaction Security Policies on any standard and custom object. Previously, you would only create policies on a few standard objects. Note: This applies to orgs with Event Monitoring enabled.

14. LoginEventStream object captures invalid as well as valid login attempts. Note: This applies to orgs with Event Monitoring enabled.

15. (Critical Update) Route My Domains through Salesforce Edge. Salesforce Edge is a service that uses machine-learning technology to improve performance by continually streamlining connectivity. If you acknowledge this update in Winter ’20, you can move your org’s My Domain to Salesforce Edge prior to the July 202 auto-activation.

16. The Domains screen has been updated to describe the current HTTPs option for each domain (i.e. My Domain, or Salesforce Sites subdomain) and a new Pending HTTPS Option column.  

17. Require users have a high-assurance session level in order to access certain Setup pages or objects. There new session security levels have been added: Manage Data Export, Manage Permission Sets and Profiles, Unlocked Users and Reset Passwords and View Health Check. Go to Setup | Identity Verification, update the settings in the Session Security Level Policies section.

18. Lightning Web Components are now open source. To develop off-platform Lightning web components, see dev. To contribute to the open-source code, see the Lightning Web Components GitHub repository.

19. You’ll see a persistent message at the top of your org when there are Security Updates needing your attention. “Learn more” link takes you to information about the enforcement date, summary of what is changing and how you are impacted. There are three security statuses (required, recommended and info only). Note: This will display for anyone with the Customize Application system permission.

20. Use Entity Element Type of the TopicAssignment object to query the name or ID of records of objects that have topics. Note: If you have code or configuration in your org that relies on the entity element of the TopicAssignment only returning contract object types, your integrations will fail if you do not make any changes.

21. Ability to customize Account Teams to collect more information, add buttons and links, build custom page layouts, add automation with triggers, processes and WFRs and maintain data integrity with validation rules. Object API: AccountTeamMember. You can report on account teams as well.

22. Boost rep productivity by setting the Opportunity Product Quantity to 1 by default so they do not need to specify the quantity.

23. Approvals Enhancements:

• You can now have 1,000 active and 2,000 total approval processes. Each object can have up to 300 active and 500 total approval processes.
• Use Notification Builder to send approval request notifications to the desktop, mobile delivery or both.

24. Users can send emails to up to 150 recipients across TO, CC and BCC fields. Previously, restricted to 100 email addresses in the TO field and 25 addresses for the BCC and CC fields.

25. The entire chat conversation is saved to a case feed item whenever there is a chat associated to a case.

26. Report and Dashboard Enhancements:

• Include active territory model information in standard activity reports with Accounts, Contacts, Opportunities and Contracts.
• Report on account teams. The UserId field on Account Team Member is now available.

27. Set File access to default to user’s record access. In Setup, go to Salesforce Files | General Settings, check the setting ‘Set file access to Set by Record for files attached to records.’

28. Remove a file from a record only and not delete it from everywhere.

29. Grant API read access to certain custom metadata types even if user/user profile does not have the Customize Application system permission. Access is given via Custom Metadata Types in the Apps section of the profile or perm set and select the custom metadata types you want to enable access for.

30. (Critical Update) Require Customize Application Permission for direct read access to a custom metadata type. This is set for auto-activation February 17, 2020.

31. Data Protection and Privacy Enhancements:

• Use the Compliance Categorization field on the field metadata to capture whether the data is associated to the General Data Protection Regulation (GDPR) or as personally identifiable information (PII) to ensure compliance. Note: To manage the compliance categorization metadata, go to Data Classification | Edit Compliance Categorization Picklist Values.
• Report on Data Classification metadata. Note: To enable reporting, create a custom report type with the Entity Definition as the primary object and Field Definition as the child object. Then you can add Data Owner, Data Sensitivity Level, Compliance Categorization and Field Usage information in a report.
• Use Change Data Capture to get near real time notification on changes to consent-related records are created, updated, deleted or undeleted. Note: To enable this, go to Change Data Capture | select the objects under Available Entities you want notifications for.

32. Critical Update, Enforced) Restrict use of Salesforce Classic HTML based  templates to secure browsers. IE doesn’t support Salesforce Content Security Policy (CSP) and as a result, this CU will prevent any HTML based email templates from being displayed in IE. Salesforce recommends using a secure browser such as Microsoft Edge, Google Chrome or Mozilla Firefox instead. Note: If you must use HTML based email templates in IE at your own risk, you can override this setting by going to Session Settings | Override Restriction for Accessing HTML-Based Email Templates in Salesforce Classic Using Internet Explorer.

33. (Security Enhancement) Replace the Customize Application permission with the Manage Territories permission to run the territory assignment rules or opportunity territory assignment filter.

34. Monitor your custom objects and custom settings and those installed from managed packages in the System Overview page. Your Custom Objects + Your Custom Settings are the active custom objects and custom settings you created in your org. The Total Custom Objects + Total Custom Settings are the custom object and custom settings that you created in your org plus the ones installed from managed packages.

35. Price Book entries now support field audit trails and field history tracking.

36. (Beta) Enforce FLS in Apex. The stripInaccesible method has been enhanced for subqueries and added the enum value UPSERTABLE to System.AcccessType. This will check the source records for subquery fields that don’t meet the field-level security check for the current user and return a list of sObjects with the fields that are only accessible to the current user.

37. Enable Manual Account Sharing in ETM (Enterprise Territory Management). Reason code Territory2AssociationManual will be added to the AccountShare records to allow users to share accounts manually with territory groups.

38. (Critical Update Enforced) Improved email security with redesigned DKIM keys. Salesforce eliminated the need to work with public and private keys. Instead, Salesforce will publish a TXT record with the public key to DNS. Removed the ability to import DKIM keys, when a new key is create, you must use a more secure method.

39. Enhance security for community users (for Lightning communities) by requiring verification when they change their email address. Note: To enable this, go to Setup | Identity Verification Setup, check the “Require email confirmations for email address changes.”

40. Setup Audit Trail now tracks some connected app policies and settings updates.

41. You can exclude consumer secrets in API responses when retrieving and deploying a configuration. To enable this, go to Setup | Auth. Providers Setup | Edit the authentication provider and then deselect “Include Consumer Secret in API Responses.”

42. Track user identity verification events to see what prompted the event, the status, whether verification was successful or why it failed, the user’s IP address and security policy required for the user identity verification. Note: This requires Event Monitoring to be enabled via Salesforce Shield or Salesforce Event Monitoring add-on subscriptions. To view the event info, the user needs the “View Data Leakage Detection Events” user permission on the profile or permission set. Go to Setup | Event Manager, click on the “Identity Verification Event” link.

43. Customizable authorization error pages no longer display on the Problem Logging In page. Just the errors will display only in the URL of the Problem Logging in page.

44. SalesforceLoginUrl field of the SamlSsoConfig metadata type has an additional parameter containing the ID of the SAML configuration (sc=samlSsoConfigId).

45. (Critical Update) Restrict access to @AuraEnabled apex methods for guest and portal users unless enabled via their profile.

46. (Critical Update) Restrict access to @AuraEnabled apex methods for authenticated users unless enabled via their profile.

47. (Critical Update) Enforce access modifiers on apex properties in Lightning component markup.

48. (Critical Update) Use with sharing for @AuraEnabled apex controllers with Implicit Sharing.

49. (Critical Update, Enforced) API only users can only access Salesforce APIs regardless of other permissions.

50. Use the Tooling API MetadataComponentDependency object to determine the dependency relationships between various metadata components in your org to see what components can be safely deleted to clean your org.

51. Perform bulk query jobs using the Bulk API 2.0 to enable asynchronous processes of SOQL queries where you return 10,000+ records.

52. Scratch orgs now have more available features that can be added to the definition file.

53. Convert existing org preferences to scratch org settings in the scratch org definition file as org preferences are not supported in Winter ’20 and the scratch org creation will fail.

54. Change Data Capture Enhancements:

• (Pilot) Include unchanged field values in a change event message.
• New changedFields Header field includes all the field names that were changed in an update operation.

55. Platform Events Enhancements:

• (Pilot) Use a CometD event filter to only receive event messages that satisfy that filter and not all event messages.
• Use the limits REST resource to monitor the hourly event publishing usage.
• Use the EventSettings metadata API to configure Streaming API settings.

56. New and Changed Developer Components:

• Lightning Components
• Apex
• API
• Salesforce CLI

57. Provide a custom caller ID in Lightning Dialer. Reps can use their own number as the caller ID in the user’s personal settings for Lightning Dialer. Note: Lightning Dialer is available at an additional cost.

58. Customizable Forecast is being retired with this release. Salesforce recommends you migrate to Collaborative Forecasts.

59. Original Territory Management is being retired with this release. Salesforce recommends migrating to ETM.

60. Data.com Prospector and Data.com Clean are being retired on July 31, 2020.