Remove the Manage Encryption Keys Permission from the System Admin Profile (Previously Released Critical Update)

Admins must actively assign the ability to perform key management roles. The Manage Encryption Keys permission is revoked for the standard admin profile when you activate this Critical Update. Custom profiles that include the Manage Encryption Keys permission are not affected. Any user who has the permission through a custom profile or permission still has the permission. This critical update was first made available in Spring ’16 and applies only to customers who enabled Shield Platform Encryption before the Spring ’16 release.

Where: This change applies to Lightning Experience and Salesforce Classic in Enterprise, Performance, Unlimited, and Developer editions.

When: This critical update is automatically activated in Spring ’29.

Who: This critical update applies to customers who enabled Shield Platform Encryption before the Spring ’16 release. Customers who enabled Shield Platform Encryption after the Spring ’16 release are unaffected by this critical update.