Microsoft will introduce quantum-safe solutions in its products by 2029 and plans for full implementation by 2033. This is two years before the 2035 deadline for fully transitioning to post-quantum cryptography (PQC) set by various governments worldwide.

The updated timeline is now part of the Microsoft Quantum Safe Program (QSP), launched in 2023 to enhance protection for its infrastructure and that of its customers, partners, and ecosystems against future quantum computing threats.
Microsoft also urged customers to start planning their own quantum-safe journey.
“Migration to post quantum cryptography (PQC) is not a flip-the-switch moment, it’s a multiyear transformation that requires immediate planning and coordinated execution to avoid a last-minute scramble,” the firm noted in a blog dated August 20.
Microsoft is aligning its quantum-safe initiatives with US government standards, including the NSA’s Commercial National Security Algorithm Suite 2.0, which sets strict requirements for quantum-resistant solutions for National Security Systems.
The tech giant is watching quantum-safe initiatives from governments like the EU, UK, Australia, and Japan to align its efforts.
A Phased Transition Journey:
Microsoft’s QSP strategy aims to enable early adoption of quantum-safe capabilities by 2029, gradually making them default by 2033.
It set out three key phases for this strategy:
Integrating PQC algorithms into foundational security components like SymCrypt, the primary cryptographic library that provides consistent cryptographic security across Windows, Microsoft Azure, Microsoft 365 and other platforms
Updating foundational components in products and services considered core infrastructure, such as Microsoft Entra authentication, key and secret management, and signing services
Integrating PQC into Windows Azure services, Microsoft 365, data platforms, AI services and networking, providing comprehensive protection across all platforms and applications
Microsoft has begun preparations for a complete switch to PQC by 2033.
It started with a company-wide inventory to evaluate and prioritize risks related to cryptographic assets. Then, it focused on essential dependencies, funded quantum-safe research, and worked on hardware and firmware improvements.
InfoSecBulletin Cybersecurity for mankind
