Summary
Microsoft is making NIST’s post-quantum cryptography generally available across Windows and .NET. The November 2025 updates for Windows 11 and Windows Server 2025 add built-in ML-KEM (CRYSTALS-Kyber) for key establishment and ML-DSA (CRYSTALS-Dilithium) for signatures, and .NET 10 exposes them in its crypto libraries. This is one of the largest real deployments to date, bringing quantum-resistant options to a massive base of systems and developers.
Kyber and Dilithium are now integrated into Windows CNG and the certificate APIs, so common workflows can use PQC without custom plumbing. That includes TLS handshakes, code signing, VPN encryption, and client authentication. A server can negotiate a hybrid X25519 plus Kyber key exchange to blunt harvest-now, decrypt-later risks, and use Dilithium signatures instead of RSA.
NIST selected these algorithms in 2022 and FIPS certification is expected, so Microsoft is slightly ahead of compliance timelines. For security leaders, this signals that PQC pilots in Windows environments can begin, with focus on interoperability, certificate chain updates, and performance testing. With .NET 10 support, application teams can start integrating PQC using a supported, vendor-maintained stack.
Read more
See the original article at: https://postquantum.com/industry-news/microsoft-pqc-windows/