Windows Server 2025 and Windows 11 (24H2 and newer) are the first Windows releases that include native post-quantum cryptographic primitives in the operating system. These changes are intended to reduce long-term exposure to data captured today and decrypted in the future. Windows does not yet provide a complete quantum safe security stack. It only includes the base cryptographic primitives and hybrid mechanisms needed to begin transitioning away from classical algorithms.

With TPM enabling BitLocker to protect your data from the threat of someone physically stealing your laptop, you can almost admire Microsoft’s logic. Obviously, that’s a far bigger risk than a few hundred million unpatched Windows 10 machines being exposed to the Internet. Because, of course, laptops are being stolen by the truckload every night, while malware and remote exploits are just fringe concerns. Brilliantly deducted.

The goal is to use PowerShell to create a GPO and a WMI filter for the PDC. The PDC is the authoritative time source in a Domain and it’s vital that only the PDC syncs with the upstream time source. Every other domain controller should, in turn, sync from the PDC, maintaining a proper hierarchy and preventing clock chaos