Accelerating the quantum-safe timeline | Microsoft Security Blog
Skip to content
Skip to main content
Security
Microsoft Defender<br>Microsoft Entra<br>Microsoft Intune<br>Microsoft Purview<br>Microsoft Security Copilot<br>Microsoft Sentinel<br>View all products
AI-powered cybersecurity<br>Cloud security<br>Data security & governance<br>Identity & network access<br>Privacy & risk management<br>Security for AI<br>Small and medium business<br>Unified SecOps<br>Zero Trust
Pricing
Services
Partners
Why Microsoft Security
Cybersecurity awareness<br>Customer stories<br>Security 101<br>Product trials<br>How we protect Microsoft
Industry recognition<br>Microsoft Security Insider<br>Microsoft Digital Defense Report<br>Security Response Center
Microsoft Security Blog<br>Microsoft Security Events<br>Microsoft Tech Community
Documentation<br>Technical Content Library<br>Training & certifications
Compliance Program for Microsoft Cloud<br>Microsoft Trust Center<br>Security Engineering Portal<br>Service Trust Portal<br>Microsoft Secure Future Initiative<br>Business Solutions Hub
Contact Sales
Start free trial
Microsoft Security<br>Azure<br>Dynamics 365<br>Microsoft 365<br>Microsoft Teams<br>Windows 365
Microsoft AI<br>Azure Space<br>Mixed reality<br>Microsoft HoloLens<br>Microsoft Viva<br>Quantum computing<br>Sustainability
Education<br>Automotive<br>Financial services<br>Government<br>Healthcare<br>Manufacturing<br>Retail
Find a partner<br>Become a partner<br>Partner Network<br>Microsoft Marketplace<br>Software companies
Blog<br>Microsoft Advertising<br>Developer Center<br>Documentation<br>Events<br>Licensing<br>Microsoft Learn<br>Microsoft Research
View Sitemap
Search
Industry trends
June 30
4 min read
Accelerating the quantum-safe timeline
By Mark Russinovich, Chief Technology Officer, Microsoft Azure
Listen to this post
1x
Powered by Microsoft Copilot
Share
Link copied to clipboard!
Content types<br>Industry trends
Topics<br>Cloud security<br>Security management
The quantum-safe timeline has changed
For years, planning for post-quantum cryptography (PQC) was framed as a future problem: important, inevitable, but distant. That perspective is evolving as technology advances and organizations prepare for the scale and complexity of the transition ahead. At Microsoft, we are acting on this shift by bringing our quantum-safe timeline forward so organizations can begin the transition earlier and with greater confidence.
Advances in quantum research and development have shifted the risk horizon. We believe cryptographically relevant quantum computers could arrive sooner than previously expected —and the work required to prepare is significant so organizations need to start now.
Recent government actions, including United States1 and French2 guidance to adopt quantum-safe cryptography as early as 2030 in certain high-risk systems, reflect the same conclusion: preparing for this transition is already underway.
This is a recognition that the transition to quantum-safe cryptography is a multi-year engineering effort that benefits from early planning and action, and delaying that work increases both cost and risk. This reinforces our decision to bring the work forward.
The quantum capabilities are accelerating. The time to respond is now.
Learn more about post-quantum cryptography
Accelerating our timeline
In response to these shifts, we are accelerating the Microsoft Quantum Safe Program (QSP) timeline and the goal is to transition products and services to PQC by 2029.
We are also incorporating PQC requirements into our Secure Future Initiative (SFI). This brings quantum-safe readiness into the same disciplined engineering framework we use for other critical security outcomes: clear ownership, measurable milestones, and transparent progress. Embedding these capabilities into our platforms empowers customers to move sooner and more confidently.
What “accelerating” means in practice
Accelerating our timeline means pulling forward key engineering work so new standards can be adopted earlier and modernization can begin well ahead of broad quantum impact.
Our priorities fall into three areas:
1. Upgrade network cryptography (data in transit)
Modernizing network cryptography is a prerequisite for post-quantum adoption. As an example, adopting TLS 1.3 establishes a baseline that enables hybrid and post-quantum key exchange as standards mature.
What this looks like : Critical endpoints negotiate TLS 1.3 by default, with legacy protocol use reduced or eliminated wherever possible.
2. Build crypto-agility for stored data (data at rest)
Crypto-agility—the ability to change cryptography without redesigning systems—enables the safe, timely adoption of new cryptographic standards. This requires making cryptographic settings configurable outside of the application, standardizing key management and rotation, and eliminating hard-coded algorithms.
What this looks like : Cryptographic algorithms can be updated with minimal application changes and limited service disruption. You can learn more about crypto-agility here.
3. Modernize cryptographic trust chains (identity,...