PQC Algorithms Debut in Windows Server 2025, Windows 11, and .NET 10
Introduction
We are excited to announce a significant leap forward in security: Post-Quantum Cryptography (PQC) algorithms are now generally available in Windows Server 2025 and Windows 11 clients (24H2, 25H2) and .NET 10. This major milestone is part of Microsoft's ongoing commitment to help organizations stay ahead of evolving cybersecurity threats and prepare for the era of quantum computing.
This announcement aligns with the broader strategy of Microsoft’s Quantum Safe Program (QSP), as highlighted in this blog post, which outlines the company’s comprehensive roadmap for PQ readiness. The general availability of PQC algorithms in Windows Server 2025, Windows 11, and .NET 10 represents a significant initial step within the ‘Foundational security components’ phase of this initiative, with further milestones and enhancements planned to bolster security in the years ahead.
PQC Algorithms Now GA in Windows Server 2025 and Windows 11 Client
In May this year, we brought PQC to Windows Insiders. With the November update of Windows, we’re bringing ML-KEM and ML-DSA to Windows Server 2025 and Windows 11 client via updates to Cryptography API: Next Generation (CNG) libraries and Certificate functions.
Developers now have access to ML-KEM for use in scenarios requiring key encapsulation or key exchange, enhancing preparedness against the "harvest now, decrypt later" threat. Additionally, developers can adopt ML-DSA for scenarios involving identity verification, integrity checks, or digital signature-based authentication. These updates represent a step towards enabling systems to safeguard sensitive data from both current and anticipated cryptographic challenges.
- Enhanced Security: PQC algorithms provide resilience against potential quantum-based attacks, which are expected to render many traditional cryptographic schemes obsolete.
- Seamless Integration: The PQC enhancements are integrated directly into the Windows cryptographic infrastructure, allowing for easy deployment and management.
- Enterprise-Ready: These features have been extensively tested to meet the performance and reliability needs of enterprise environments.
Visit our crypto developer’s pages for ML-KEM and ML-DSA to learn more and get started.
General Availability of PQC in .NET 10
In addition to Windows platform enhancements, we are thrilled to announce the general availability of PQC support in .NET 10. Developers can now build and deploy applications that utilize PQC algorithms, enabling robust data protection in the quantum era.
- Developer Empowerment: .NET 10 integrates PQC options within its cryptographic APIs, making it simple for developers to modernize their security posture.
- Cross-Platform Support: Build secure applications for Windows or Linux using the same PQC-enabled framework.
- Future-Proofing: Adopt the latest cryptographic standards with minimal code changes and broad compatibility.
Learn more about these changes here, and check out .NET 10 to get started.
Coming Soon: PQC in Active Directory Certificate Services (ADCS)
Looking ahead, we are pleased to share that the general availability of PQC capabilities in Active Directory Certificate Services (ADCS) is targeted for early 2026. This forthcoming update will further strengthen the foundation of your organization’s identity and certificate management infrastructure.
- Comprehensive Coverage: PQC support in ADCS will enable issuance and management of certificates using PQC algorithms.
- Easy Migration: Detailed guidance and configuration examples will be provided to help organizations transition their PKI environments to PQC.
- Long-Term Security: Protect identities, devices, and communications well into the quantum era with minimal disruption.
What Lies Ahead: Upcoming Developments and Challenges
As cryptographic standards advance, SymCrypt will continue to incorporate additional quantum-resistant algorithms to maintain its leadership in security innovation. The development of PQC support for securing TLS is proceeding in alignment with IETF standards, aiming to provide strong protection for data in transit. In addition, Microsoft is preparing other essential domains—including firmware and software signing, identity, authentication, network security, and data protection—to be PQC-ready. Collaborating with ecosystem partners, these initiatives further extend the reach of quantum-safe security throughout the broader ecosystem.
As PQC algorithms are still relatively new, it is important for organizations to consider "crypto agility," allowing systems to adapt as standards evolve. Microsoft advises customers to begin planning their transition to PQC by integrating new algorithms and adopting solutions that support both current and future cryptographic needs. In some cases, this means deploying PQC in hybrid or composite modes—combining a post-quantum algorithm with a traditional one such as RSA or ECDHE. Other situations may call for enabling pure PQC algorithms while maintaining compatibility with existing standards. Over time, as quantum technologies mature, we may see a shift towards only PQC.
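The hybrid mode described above, sketched as an added example (not Microsoft's code) using the .NET 10 `MLKem` class alongside ECDH on P-256. The HKDF combiner and the `example-hybrid-v1` label are assumptions of this example, not a standardized hybrid construction.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Crypto agility: probe for ML-KEM instead of assuming the platform has it.
if (!MLKem.IsSupported)
{
    Console.WriteLine("ML-KEM unavailable; classical-only fallback is a policy decision.");
    return;
}

// Recipient publishes a classical public key and an ML-KEM encapsulation key.
using ECDiffieHellman recipientEcdh = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);
using MLKem recipientKem = MLKem.GenerateKey(MLKemAlgorithm.MLKem768);
byte[] encapsulationKey = recipientKem.ExportEncapsulationKey();

// Sender: ephemeral ECDH key plus an encapsulation to the recipient's ML-KEM key.
using ECDiffieHellman senderEcdh = ECDiffieHellman.Create(ECCurve.NamedCurves.nistP256);
using MLKem recipientKemPublic = MLKem.ImportEncapsulationKey(MLKemAlgorithm.MLKem768, encapsulationKey);
recipientKemPublic.Encapsulate(out byte[] kemCiphertext, out byte[] senderKemSecret);
byte[] senderEcdhSecret = senderEcdh.DeriveKeyFromHash(recipientEcdh.PublicKey, HashAlgorithmName.SHA256);
byte[] senderKey = Combine(senderEcdhSecret, senderKemSecret);

// Recipient: receives the sender's ECDH public key and kemCiphertext.
byte[] recipientKemSecret = recipientKem.Decapsulate(kemCiphertext);
byte[] recipientEcdhSecret = recipientEcdh.DeriveKeyFromHash(senderEcdh.PublicKey, HashAlgorithmName.SHA256);
byte[] recipientKey = Combine(recipientEcdhSecret, recipientKemSecret);

Console.WriteLine($"ML-KEM-768 ciphertext: {kemCiphertext.Length} bytes");
Console.WriteLine($"Keys match: {CryptographicOperations.FixedTimeEquals(senderKey, recipientKey)}");

// Illustrative combiner (an assumption of this example, not a standardized construction):
// the session key depends on both secrets, so recovering it requires breaking both algorithms.
static byte[] Combine(byte[] ecdhSecret, byte[] kemSecret)
{
    byte[] ikm = [.. ecdhSecret, .. kemSecret];
    try
    {
        byte[] info = Encoding.UTF8.GetBytes("example-hybrid-v1"); // constructed label
        return HKDF.DeriveKey(HashAlgorithmName.SHA256, ikm, 32, salt: null, info: info);
    }
    finally
    {
        CryptographicOperations.ZeroMemory(ikm); // wipe the concatenated secrets
    }
}
```

The ciphertext size printed here is the extra per-handshake payload the classical exchange did not carry, which is one concrete input to the performance planning discussed next.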
PQC algorithms may require increased computational resources, making ongoing optimization and hardware acceleration necessary to achieve an effective balance between security and performance. The transition to PQC includes updating cryptographic infrastructure, maintaining compatibility with legacy systems, and facilitating coordination among developers, hardware manufacturers, and service providers. Education and awareness are also important for broad adoption and compliance.
Next Steps and Resources
We encourage IT administrators, developers, and security professionals to begin leveraging PQC features in Windows Server 2025, Windows 11, and .NET 10, and to prepare for the upcoming enhancements in ADCS. Detailed documentation and best practices are available here:
Conclusion
Microsoft is committed to helping customers secure their environments against the threats of today and tomorrow. The general availability of PQC algorithms across our platforms marks a new era of cybersecurity resilience. We look forward to partnering with you on this journey and enabling a safer, quantum-ready future.
Securing the present, innovating for the future
Security is a shared responsibility. Through collaboration across hardware and software ecosystems, we can build more resilient systems secure by design and by default, from Windows to the cloud, enabling trust at every layer of the digital experience.
The updated Windows Security book and Windows Server Security book are available to help you understand how to stay secure with Windows. Learn more about Windows 11, Windows Server, and Copilot+ PCs. To learn more about Microsoft Security Solutions, visit our website.