
Microsoft has announced that it is accelerating its transition to post-quantum cryptography (PQC) amid growing concerns that cryptographically relevant quantum computers could arrive sooner than previously anticipated.
The company now aims to transition critical products and services to quantum-safe cryptography by 2029.
Microsoft Azure CTO Mark Russinovich said advances in quantum computing research and recent government guidance have shortened the expected timeline for organizations to prepare. U.S. and French authorities, as well as experts in the field, have urged the adoption of quantum-resistant cryptography in certain high-risk systems around 2030, reinforcing the need for organizations to begin planning now.
Microsoft is incorporating quantum-safe requirements into its Secure Future Initiative (SFI), the company's security engineering program, with the goal of integrating post-quantum readiness into its development lifecycle. Rather than focusing solely on replacing existing encryption algorithms, Microsoft says the transition will emphasize building crypto-agility so systems can adopt future cryptographic standards without requiring major redesigns.
The company outlined three primary engineering priorities for the transition:
- The first is upgrading network cryptography by making TLS 1.3 the default protocol, creating a foundation for hybrid and post-quantum key exchange as standards mature.
- The second is improving crypto-agility for data at rest by eliminating hard-coded algorithms, standardizing key management, and making cryptographic settings configurable outside applications.
- The third focuses on modernizing cryptographic trust chains, including code signing, certificate issuance, hardware-backed key protection, and software update infrastructure.
Microsoft said the biggest challenge facing organizations is not selecting new quantum-resistant algorithms but identifying where cryptography is already used across applications, services, identities, certificates, networks, and hardware. As a result, the company recommends an inventory-first approach that maps cryptographic dependencies before organizations begin modernization efforts.
The company also highlighted growing concerns over “harvest now, decrypt later” attacks, where encrypted data stolen today could be stored and decrypted in the future once sufficiently powerful quantum computers become available. Organizations handling long-lived sensitive information are increasingly prioritizing protections against this risk.
Microsoft recommends that organizations begin preparing immediately by establishing a long-term cryptography strategy, building crypto-agility into new systems, maintaining a comprehensive inventory of cryptographic assets, and adopting modern protocols such as TLS 1.3 wherever possible.
While practical quantum computers capable of breaking today's public-key cryptography have not yet emerged, Microsoft argues that migrating enterprise infrastructure to post-quantum standards will take years. By accelerating its own roadmap, the company aims to ensure its platforms can adopt new cryptographic standards as they mature while allowing customers to transition without disrupting operations.







Leave a Reply