Microsoft announced today that it is accelerating its quantum-safe security roadmap, saying advances in quantum computing are bringing the need to replace today's encryption standards sooner than previously expected.
Although today's quantum computers cannot crack modern encryption, security researchers have warned about "harvest now, decrypt later" attacks. In these attacks, encrypted data that is stolen today is stored until future quantum computers become powerful enough to decrypt it, exposing sensitive information.
As a result, companies including Apple, Google, and Signal have begun integrating post-quantum cryptography (PQC) to replace existing public-key encryption algorithms with quantum-resistant versions.
Microsoft says it now plans to transition "critical products and services" to post-quantum cryptography (PQC) by 2029 as part of its Microsoft Quantum Safe Program (QSP), while also adding quantum-safe requirements into its Secure Future Initiative (SFI).
"For years, planning for post-quantum cryptography (PQC) was framed as a future problem: important, inevitable, but distant," Microsoft said in a blog post.
"That perspective is evolving as technology advances and organizations prepare for the scale and complexity of the transition ahead."
Microsoft has encouraged organizations to prepare for post-quantum cryptography for years. However, the company now says advances in quantum computing mean the transition needs to begin sooner than previously expected.
"Advances in quantum research and development have shifted the risk horizon," warned Microsoft.
"We believe cryptographically relevant quantum computers could arrive sooner than previously expected—and the work required to prepare is significant so organizations need to start now."
Microsoft plans quantum-safe transition by 2029
Microsoft says its Quantum Safe Program is being accelerated to transition critical products and services to PQC by 2029.
Rather than focusing solely on adopting new cryptographic algorithms, the company says organizations should first modernize their infrastructure to make future transitions easier.
The company outlined three priorities that it is following to speed up this transition:
- Upgrading network cryptography by adopting modern protocols such as TLS 1.3 to support future hybrid and post-quantum key exchange.
- Building "crypto-agility" so that cryptographic algorithms can be swapped for PQC variants without having to redesign applications.
- Modernizing cryptographic trust chains used for code signing, certificate issuance, software updates, and hardware-backed key protection.
Microsoft says that integrating its PQC plans into the Secure Future Initiative will enable tracking of quantum-safe readiness alongside other security goals.
Microsoft has not publicly detailed what specific advances prompted it to accelerate its quantum-safe roadmap or why it believes quantum computers could arrive sooner than previously expected.
BleepingComputer contacted Microsoft with questions about what changed since its earlier guidance and will update this story if we receive a response.
Test every layer before attackers do
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
English (US) ·