Microsoft accelerates quantum-safe timeline for adoption by 2029

Microsoft Azure CTO, Mark Russinovich has announced that the organization is now accelerating its Quantum Safe Program (QSP) with the goal of transitioning products and services to PQC by 2029.

It’s a remarkable move, bringing the corporation into sync with the likes of Google and Cloudflare, both of which announced similar timelines last month.

“Advances in quantum research and development have shifted the risk horizon,” says Russinovich in The quantum-safe timeline has changed. “We believe cryptographically relevant quantum computers could arrive sooner than previously expected – and the work required to prepare is significant, so organizations need to start now.”

In addition to the tech advances in quantum computing, this announcement also follows in the wake of global pressure – last month, the US and French governments issued strict guidance pushing PQC adoption in high-risk systems for as early as 2030, driven in part by the urgency of the Harvest-Now-Decrypt-Later threat.

Microsoft’s accelerated strategy is based around three pillars of focus:

  • Data in Transit – Microsoft is committed to upgrading network connectivity by adopting TLS 1.3 as a standard baseline with legacy protocol reduced or eliminated wherever possible
  • Data at Rest – The plan is to move away from hard-coded systems and algorithms and switch to crypto-agility. It will mean that cryptographic algorithms can be updated with minimal disruption
  • Identity and Certificates – Microsoft aims to update the complex web of code signing, device identities and certificate issuance processes to quantum resilience

This is excellent news for organizations planning PQC migration, especially those using Microsoft products in their infrastructure. It clarifies the conversation around those products and systems, when it comes to identifying and updating cryptography, and it’s a reminder that more vendors need to do this, giving organizations the opportunity to ask about readiness. As Microsoft points out, the hardest part of this transition is not choosing new algorithms, but figuring out where the old ones are hidden. The discovery phase can often be the biggest hurdle.

The recommended strategy for transition centers on:

  • Aligning your organization for a multi-year cryptography transition
  • Designing for crypto-agility
  • Creating an inventory to prioritize your cryptographic components
  • Modernizing protocols, such as switching to TLS 1.3 as standard across client and server systems

The race to 2029 is not just about avoiding a future quantum apocalypse. It’s clearly about building a mature security architecture that’s ready today. Now that Microsoft has joined the likes of Google, Cloudflare and others in this accelerated timeframe, the standard has been set, and organizations that delay risk finding themselves left behind in the quantum era. It’s certainly a message that PQShield have been reinforcing. As an industry hub for advising on quantum transition, we not only have the expertise to help guide transition, but we’ve built a range of products in our UltraPQ suite, specifically designed to mitigate the quantum threat in hardware, software and in the cloud.

You can read more about Microsoft’s Quantum Safe Program and how this impacts their timeline here: https://www.microsoft.com/en-us/security/blog/2026/06/30/microsoft-advances-quantum-safe-security-as-the-risk-timeline-shifts/

 

Author: Matthew Stubbs is a content engineer and technical author, with a background in optical physics and engineering. With a range of experience in many industries and technologies, Matt writes about cybersecurity, science and cryptography updates, managing PQShield’s content and providing technical insight to the latest developments.