CyberSecurityBoardThreat Intel · CVEs · Products
Cyber News

Microsoft Accelerates Post-Quantum Cryptography Shift to 2029

July 1, 2026

Microsoft has announced an acceleration of its quantum-safe security roadmap, moving the target for transitioning critical products and services to post-quantum cryptography (PQC) to 2029. The decision is driven by advances in quantum research that suggest cryptographically relevant quantum computers could arrive sooner than previously expected.

Mark Russinovich, CTO of Microsoft Azure, emphasized the urgency, stating that organizations need to start preparing now. The Microsoft Quantum Safe Program (QSP) timeline is being sped up, and PQC requirements will be integrated into the company’s Secure Future Initiative (SFI). Key focus areas include upgrading network cryptography with TLS 1.3, building crypto-agility for stored data, and transitioning to PQC algorithms for securing trust chains such as code signing, certificate issuance, and update pipelines.

Microsoft highlighted the importance of crypto-agility, which involves removing hard-coded algorithm assumptions and designing systems to allow algorithm upgrades as routine tasks. The company also warned about the ‘harvest now, decrypt later’ threat, where adversaries collect encrypted data now to decrypt later with quantum computers.

This announcement follows a U.S. executive order setting PQC deadlines for federal agencies, and similar moves by Google and Cloudflare to migrate to quantum-safe cryptography by 2029. Recent research breakthroughs, including improvements to quantum algorithms for breaking elliptic curve cryptography and new error-correction approaches for Shor’s algorithm, underscore the growing urgency.

CVEs: CVE-2026-20245

Companies: Microsoft, Google, Cloudflare

Products: Microsoft Azure, Google Chrome, TLS 1.3