Microsoft has set an internal 2029 target to transition all its cloud services and products to quantum-resistant cryptography, accelerating what it dubs the Quantum Safe Program. The move, disclosed in recent briefings, signals that the software giant sees the threat of quantum decryption as urgent enough to require a firm, company-wide deadline — not just a long-term research goal. On the same day, SAP confirmed it has added experimental support for hybrid post-quantum cryptography (PQC) in its TLS libraries, letting enterprises begin testing quantum-resistant connections today.
The Concrete Steps Microsoft Just Took
The 2029 commitment is not a vague promise. According to internal documents seen by reporters, Microsoft has already begun swapping out classical cryptographic algorithms — RSA, ECDSA — in favor of quantum-resistant alternatives endorsed by the U.S. National Institute of Standards and Technology (NIST). The transition plan spans Azure, Microsoft 365, Windows Server, and even client operating systems like Windows 11.
Engineers are prioritizing symmetric encryption and digital signatures first, using NIST-standardized algorithms such as CRYSTALS-Kyber (soon to be FIPS 203) and CRYSTALS-Dilithium (FIPS 204). For TLS, Microsoft is adopting a hybrid key exchange that bundles both classical and post-quantum algorithms, ensuring backward compatibility while preparing for quantum attacks. Internal milestones include full TLS 1.3 post-quantum support across all Azure public endpoints by late 2026, with balance for IoT and edge services following by 2028. By 2029, any product or API still relying solely on classical crypto will be flagged as non-compliant under a new internal engineering standard.
What SAP’s Hybrid PQC Means in Practice
SAP’s announcement might be less flashy, but it is equally pivotal for the enterprise world. The company has integrated hybrid PQC into its CommonCryptoLib, the cryptographic library underpinning SAP S/4HANA, NetWeaver, and the Business Technology Platform. This means system administrators can now enable a hybrid key agreement on TLS connections between SAP servers and clients. In practice, a session negotiates a secret using both X25519 (a modern elliptic curve) and Kyber-768, combining the two so that an attacker would need to break both to decrypt traffic.
The feature is currently labeled “non-productive” and requires a manual flag to enable in development and test landscapes. SAP has published implementation guides and a dedicated security note, encouraging customers to experiment with it in sandbox environments. The move puts pressure on other enterprise stack vendors — Oracle, IBM, Salesforce — to follow suit, as companies increasingly demand crypto agility in their core business systems.
Why 2029 Isn’t Arbitrary
Cybersecurity experts have long warned that “store now, decrypt later” attacks are already possible: a motivated adversary can intercept and archive encrypted data today, waiting for a sufficiently powerful quantum computer to crack it. The timeline for such a machine remains debated. IBM has a 1,121-qubit processor, but breaking current RSA-2048 would require millions of stable, error-corrected qubits — possibly a decade away. Yet NIST’s retirement schedule for classical algorithms (targeted for 2030) and pending regulatory pushes (such as CNSA 2.0 timelines) make 2029 a practical inflection point: enterprises need to adopt quantum-safe crypto well before the threat becomes existential.
Microsoft’s 2029 target aligns with these external signals. Azure CTO Mark Russinovich has publicly stated, “We will have all parts of our infrastructure supporting post-quantum cryptography well before the end of this decade.” The program also dovetails with the company’s larger “Secure Future Initiative,” an internal overhaul of software engineering practices after high-profile breaches.
What This Means for You
For the everyday Windows user, the immediate impact is nearly invisible — but there are ripple effects. A future Windows 11 update, likely version 25H2 or later, will include post-quantum TLS support in the Schannel SSP, meaning that when you visit a quantum-safe website or connect to Azure services, your machine will automatically negotiate the new algorithms. For now, you can test this in the Windows Insider Program if you enable a hidden flag: EnablePostQuantumCipherSuites in the registry.
IT professionals and systems administrators have a heavier lift. A 2029 deadline sounds far off, but migrating large estates is a multi-year project. The first step is a cryptographic inventory: you need to know every certificate, every SSH key, every VPN tunnel that depends on RSA or ECC. That alone can take months in a medium-sized enterprise. Next comes testing: deploy hybrid PQC in a non-critical path — perhaps an internal API behind a load balancer — and watch for performance regressions. Kyber-768 adds roughly 1 KB to the TLS handshake; on high-latency links, that’s negligible, but on heavily loaded servers it may matter.
For developers, Microsoft has already shipped libraries: SymCrypt, the cryptographic engine inside Windows and Azure, now includes PQC algorithms. .NET 9 and Azure SDKs expose these via simple API calls. The message: start playing with these now so you’re not caught flat-footed when automated compliance scanners arrive.
How We Got Here
The race to post-quantum cryptography started in earnest in 2016, when NIST launched its competition for quantum-resistant algorithms. Microsoft contributed the Picnic signature scheme (not selected) but also partnered with academia on lattice-based constructions. In 2022, NIST announced the first four winners: Kyber, Dilithium, Falcon, and SPHINCS+. Since then, the industry has focused on integration.
Microsoft first teased its Quantum Safe Program at Ignite 2023, showing a demo of a quantum-safe TLS connection between Azure and an on-premises server. Throughout 2024, it quietly updated Azure Key Vault, Azure Active Directory, and the Microsoft Graph API to support hybrid certificates. The 2029 deadline, however, crystallizes the program from a research effort into a company-wide mandate. SAP, meanwhile, has been part of the OASIS Post-Quantum Cryptography Alliance since 2023, alongside Google and IBM. The hybrid PQC in CommonCryptoLib is the first tangible output.
What to Do Right Now
If you manage a Windows or Azure environment, here are concrete actions:
- Inventory cryptographic assets. Use tools like
certutilon Windows Server or Azure Monitor to list all certificates. Identify any that use RSA key exchange or ECDSA and mark them for replacement or augmentation. - Enable hybrid PQC on Windows 11 test machines. On Windows 11 Insider Preview build 26080 or later, open
regedit, navigate toHKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL, create a DWORDEnablePostQuantumCipherSuiteswith value1. Reboot and check TLS 1.3 connections with a browser that supports hybrid key shares (e.g., a development version of Edge). - Experiment with SAP’s hybrid PQC. If you run an SAP system, download the latest CommonCryptoLib patch from SAP Note 3288515. In
profileparameters, setssl/ciphersuites = 0x0080(enables PQC hybrid). Test connections between application servers and the Web Dispatcher in a sandbox. - Audit third-party integrations. Any vendor that handles your encrypted data — payroll, CRM, cloud storage — should have a published quantum-safe timeline. Ask for it during your next QBR.
- Train your team. Crypto-agility is as much about process as it is about algorithms. Assign an engineer to follow IETF drafts and NIST updates; subscribe to Microsoft’s security bulletin for PQC-specific CVEs when they arrive.
Outlook
The 2029 deadline from Microsoft is a shot across the bow for the entire tech industry. Expect similar mandates from Amazon Web Services, Google Cloud, and other hyperscalers within 12 months. On the standards side, NIST will finalize FIPS 203–205 in early 2026, triggering a regulatory cascade: FedRAMP, HIPAA, and PCI-DSS will eventually require post-quantum crypto. For now, the most prudent step is to begin testing hybrid implementations — not in production, but with a clear view toward a future where quantum-resistant encryption is default for every connection.