Microsoft has introduced the Quantum Safe Program (QSP), a company-wide initiative designed to secure its infrastructure, customers, and ecosystem against future quantum threats. The program’s goal is to integrate post-quantum cryptography (PQC) into foundational components and services.
The QSP strategy is a multi-year effort that begins with the integration of PQC algorithms into foundational security components like SymCrypt, the primary cryptographic library for Windows and Azure. ML-KEM and ML-DSA are now available through the Cryptography API: Next Generation (CNG). A second phase will update core infrastructure services, and the third phase will integrate PQC into all services and endpoints, including Windows, Azure services, and Microsoft 365. The company has also enabled TLS hybrid key exchange in SymCrypt-OpenSSL to address “Harvest Now, Decrypt Later” threats.
The Microsoft QSP is aligned with U.S. government requirements and timelines for quantum safety, including guidance from the Office of Management and Budget (OMB), Cybersecurity and Infrastructure Security Agency (CISA), NIST, and the National Security Agency (NSA). Microsoft’s roadmap aims to complete the transition of its services and products by 2033, two years before the 2035 deadline set by most governments. The program is guided by three priorities: making Microsoft quantum safe, supporting customers and partners in their transition, and promoting global research and standards.
The migration to PQC is described as a multi-year transformation that requires coordinated execution. Microsoft’s PQC efforts began in 2014 with research and submissions to the NIST PQC call, and the company has participated in initiatives like the Open Quantum Safe project and the NIST NCCoE Post-Quantum project. This program demonstrates a commitment to addressing the threat from future scalable quantum computers, which could break public-key cryptography.
Read the full announcement here.
August 20, 2025
 
											
				
