Active Directory Certificate Services (ADCS) now generates post-quantum certificates, a step that extends quantum-safe support beyond algorithms and APIs into a core platform component relied upon by organizations worldwide. Microsoft is integrating quantum-safe cryptography directly into how Windows handles secure connections by adding PQ TLS hybrid key exchange to the Windows Transport Layer Security (TLS) stack. This addition brings quantum-safe protection to data-in-transit scenarios, mitigating the risk of “Harvest Now, Decrypt Later” attacks where encrypted traffic is captured for future decryption with quantum computers. According to a recent Microsoft Security Community Blog post, this foundation empowers customers to build, validate, pilot, and ultimately deploy quantum-safe applications, systems, and infrastructure at scale; composite PQC algorithms are also now enabled in Windows cryptography APIs and certificate functions, allowing for more complex and potentially more secure implementations.
PQ TLS Hybrid Key Exchange Secures Data-in-Transit
Adding PQ TLS hybrid key exchange to the Windows TLS stack extends quantum-safe support beyond algorithm availability, embedding it within a core platform component responsible for securing billions of connections. The implementation addresses the critical “Harvest Now, Decrypt Later” risk, a scenario where malicious actors intercept encrypted data with the intention of decrypting it once quantum computers capable of breaking current encryption become available. The newly added PQ TLS hybrid key exchange combines conventional cryptographic methods with the NIST ML-KEM algorithm, offering a layered defense. This approach allows organizations to proactively mitigate long-term data risks, particularly for information requiring decades of confidentiality. Microsoft’s implementation focuses on seamless integration with existing Windows management tools; IT administrators can configure these quantum-safe options using familiar methods like Group Policy, Mobile Device Management (MDM) with Intune, or TLS PowerShell cmdlets, minimizing disruption to existing workflows.
Currently available in preview through the Windows Insider Program, the feature will become generally available on Windows 11 and Windows Server in the coming months, offering three hybrid combinations: X25519_MLKEM768, SecP256r1_MLKEM768, and SecP384r1_MLKEM1024. Microsoft states that bringing this capability to Windows enables security teams and application owners to evaluate real, Windows-native deployments and begin planning the policy and configuration updates needed for quantum-safe readiness. Beyond simply enabling the new key exchange, Microsoft is also bolstering the underlying cryptographic capabilities of Windows with composite algorithms. The composite approach enhances security by requiring an adversary to compromise all components of the encryption to succeed, providing a significant defense-in-depth strategy. These algorithms align with ongoing Internet Engineering Task Force (IETF) drafts, combining traditional methods like ECDSA and ECDHE with their post-quantum counterparts.
ADCS supports three ML-DSA parameter sets, ML-DSA-44, ML-DSA-65, and ML-DSA-87, allowing organizations to balance security strength with key and signature size for applications like code signing and TLS certificates. Microsoft notes that its TLS supported groups page describes the available PQ TLS hybrid key exchange groups and how to enable them in your environment, providing resources for administrators to begin the transition.
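As an added example (not code from Microsoft or from the original article), the sketch below parses the supported_groups extension of a TLS ClientHello and reports whether a client offers any of the three hybrid groups named above, which is one way to inventory which endpoints can still only negotiate classical key exchange. The code points are taken from the IANA TLS Supported Groups registry rather than from the article, and the helper names and the sample ClientHello are constructed for illustration.

```python
import struct

# IANA "TLS Supported Groups" code points (from the registry, not the article).
HYBRID_PQ_GROUPS = {
    0x11EB: "SecP256r1_MLKEM768",
    0x11EC: "X25519_MLKEM768",
    0x11ED: "SecP384r1_MLKEM1024",
}
SUPPORTED_GROUPS_EXT = 0x000A


def offered_groups(client_hello: bytes) -> list:
    """Return the supported_groups code points from a ClientHello handshake message."""
    try:
        if client_hello[0] != 0x01:
            raise ValueError("not a ClientHello")
        pos = 4 + 2 + 32                                   # header, legacy_version, random
        pos += 1 + client_hello[pos]                       # legacy_session_id
        pos += 2 + struct.unpack_from("!H", client_hello, pos)[0]  # cipher_suites
        pos += 1 + client_hello[pos]                       # legacy_compression_methods
        end = pos + 2 + struct.unpack_from("!H", client_hello, pos)[0]
        pos += 2
        if end > len(client_hello):
            raise ValueError("truncated extensions block")
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", client_hello, pos)
            body = client_hello[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == SUPPORTED_GROUPS_EXT:
                (list_len,) = struct.unpack_from("!H", body, 0)
                return [g for (g,) in struct.iter_unpack("!H", body[2:2 + list_len])]
        return []
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed ClientHello") from exc


def hndl_assessment(client_hello: bytes) -> dict:
    """Flag clients that can only negotiate classical (harvestable) key exchange."""
    hybrids = [HYBRID_PQ_GROUPS[g] for g in offered_groups(client_hello) if g in HYBRID_PQ_GROUPS]
    return {"hybrid_offered": hybrids, "classical_only": not hybrids}


def build_sample(groups) -> bytes:
    """Constructed minimal ClientHello (test input, not a capture)."""
    glist = b"".join(struct.pack("!H", g) for g in groups)
    ext = struct.pack("!HHH", SUPPORTED_GROUPS_EXT, len(glist) + 2, len(glist)) + glist
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
            + struct.pack("!H", len(ext)) + ext)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

Offering a hybrid group only shows client capability; the group the server selects in its ServerHello key_share extension determines whether a given session is actually protected.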
Composite ML-KEM and ML-DSA Algorithms Enhance Windows APIs
The integration of post-quantum cryptography (PQC) is no longer confined to theoretical exploration or isolated algorithm availability; Microsoft is actively embedding quantum-resistant solutions within core Windows functionalities, extending protection to established platform components. This progression signifies a proactive approach to mitigating “Harvest Now, Decrypt Later” risks, particularly for data requiring long-term confidentiality. In TLS, the hybrid key exchange combines conventional cryptographic methods with post-quantum algorithms, allowing organizations to begin addressing long-lived data risks. The availability of several hybrid combinations, X25519_MLKEM768, SecP256r1_MLKEM768, and SecP384r1_MLKEM1024, provides flexibility in balancing security levels and performance characteristics. These new options are configurable through familiar Windows management tools, including Group Policy, Mobile Device Management, and PowerShell cmdlets, easing integration for IT administrators.
Beyond TLS, Windows cryptography APIs now support composite ML-KEM and ML-DSA algorithms, where ML-KEM (Module-Lattice Key Encapsulation Mechanism) and ML-DSA (Module-Lattice Digital Signature Algorithm) represent NIST-approved PQC standards for key exchange and digital signatures. According to Microsoft, composite algorithms provide defense in depth by requiring an adversary to break all components to compromise protected data. This advancement allows developers and security architects to move beyond foundational cryptographic primitives toward real-world certificate and signing patterns required in production environments, enabling prototyping of new certificate profiles and evaluation of trust chain impacts.
Hybrid key exchange combines classical and post-quantum algorithms, allowing organizations to begin mitigating HNDL risks.
ADCS Enables Issuance of ML-DSA Certificates
Microsoft has extended its quantum-safe cryptography initiatives into a critical, yet often overlooked, area of IT infrastructure: certificate generation. This capability allows enterprises to proactively evaluate post-quantum certificate issuance and trust validation workflows, addressing a foundational element of security often taken for granted. The addition of ML-DSA support within ADCS is particularly significant because it enables organizations to begin mitigating the “Harvest Now, Decrypt Later” risk associated with long-lived data, a threat that looms larger as quantum computing capabilities advance. Granular control over the ML-DSA parameter set is crucial for tailoring certificate profiles to specific scenarios, such as code signing and TLS certificates, where differing levels of protection and performance are required. Microsoft acknowledges that adopting PQC support within ADCS necessitates the deployment of new Certification Authorities (CAs); existing CAs cannot be upgraded in place.
This design choice allows organizations to introduce a parallel CA hierarchy, facilitating testing and validation of deployments without disrupting existing production workloads. Additional post-quantum capabilities, including ML-KEM and composite algorithm support, are planned for later this year, aiming to expand beyond signing scenarios and enhance certificate interoperability. This advancement isn’t simply about adding a new certificate type; it’s about building a practical pathway for organizations to transition to a quantum-safe future, as Microsoft explains. The ability to generate and validate these certificates natively within ADCS streamlines the integration process, reducing the complexity and potential for errors associated with relying on external or specialized solutions. For security teams, this provides a concrete starting point for identifying long-lived data at risk, such as document repositories, email archives, and backup systems, and prioritizing the implementation of quantum-safe protections. The ultimate goal, as Microsoft emphasizes, is to build crypto-agility into organizational processes, ensuring that future cryptographic transitions are more manageable and less disruptive.
The most effective migrations will be phased. Organizations should start by inventorying where public-key cryptography is used, prioritizing systems that protect sensitive data with long confidentiality lifetimes, and testing hybrid and composite approaches in non-production environments.
Mitigating Harvest Now, Decrypt Later (HNDL) Risks with PQC
The escalating threat of “Harvest Now, Decrypt Later” (HNDL) attacks is driving a proactive shift in cryptographic security, and Microsoft’s recent advancements within the Windows operating system represent a significant step toward mitigating these long-term risks. Rather than waiting for the advent of practical quantum computers, the company is embedding post-quantum cryptography (PQC) directly into core platform components, allowing organizations to begin securing data against future decryption attempts. This isn’t merely about having PQC algorithms available; it’s about extending support into the protocols and infrastructure already in use. A key development is the integration of Active Directory Certificate Services (ADCS) with the ability to generate post-quantum certificates. Organizations can deploy a parallel CA hierarchy alongside existing infrastructure to test and validate deployments without disrupting production workloads. The available hybrid combinations, X25519_MLKEM768, SecP256r1_MLKEM768, and SecP384r1_MLKEM1024, pair classical algorithms with the NIST ML-KEM algorithm, protecting against both current and future threats.
The composite algorithms enabled in the Windows cryptography APIs require an adversary to compromise all components to decrypt protected data, which strengthens resilience, and they abstract away the complexity of combining multiple algorithms. This work aligns with IETF drafts for composite ML-DSA and ML-KEM, combining traditional algorithms with their post-quantum counterparts. These advancements collectively provide a clear starting point for organizations to adopt quantum-safe cryptography and build crypto-agility into their processes, ensuring future transitions are more manageable.
