As previously announced, Providence and vendors using outdated encryption for Azure Active Directory communications have until October 31 to update devices and applications. This is a Microsoft requirement, and no exception process is available.
A cross-functional IS team has been working with known application owners to make sure they have been updated to TLS 1.2 before the October 31 deadline if they authenticate against Microsoft Azure Active Directory (AAD). Among the applications identified are OnBoardMe CS and PSJH CMG Client App.
Actions Requested
- If you are responsible for applications or devices utilizing Microsoft Azure, please ensure they have been updated to TLS 1.2 encryption.
- Business relationship owners with vendors who connect with Providence need to engage those vendors to ensure critical services will not be impacted.
- Providence Cybersecurity and Cloud Engineering are available to assist in determining if your applications/devices are impacted and remediation steps.
Note: Providence policies have require TLS 1.2 or greater for network connections (see PSJH-EIS-955.02 for reference). While this deadline is specific to Microsoft Azure Active Directory, all internet-facing servers, appliances and applications should have at least TLS 1.2 encryption with trust certificates. If you are responsible for applications or devices with external network connections, please continue to focus on deprecation of legacy TLS, even if they are not impacted by this October 31 deadline.
More info
Please contact informationsecurity@providence.org.