HomeWinBuzzer NewsMicrosoft Switches All Services to Exclusively Use SHA-2

Microsoft Switches All Services to Exclusively Use SHA-2

Microsoft says starting in May, all of its services will let the SHA-1 certificate expire and adopt SHA-2 across the organization.


is finally leaving SHA-1 behind and is moving all of its services to Secure Hash Algorithm 2 (SHA-2). Specifically, the company says the transition will start from next month, making all services SHA-2 exclusive.

Secure Hash Algorithm 1 (SHA-1) is a quarter of a century old and is a system that creates hashes through cryptographics. Major weaknesses were found in SHA-1 by back in 2017 and browsers have been adopting SHA-2 since.

Microsoft is going a step further and moving all services under the newer algorithm. This completes a move Microsoft has been discussing for years. Back in 2019, the company signaled its intentions to switch to SHA-2:

“Unfortunately, the security of the SHA-1 hash algorithm has become less secure over time due to weaknesses found in the algorithm, increased processor performance, and the advent of cloud computing,” Microsoft said at the time.

“Stronger alternatives such as the Secure Hash Algorithm 2 (SHA-2) are now strongly preferred as they do not suffer from the same issues.”


SHA-2 is a newer improved version of SHA-2 and provides enhanced security and better performance. Microsoft will now let the SHA-1 certificate expire and move to SHA-2 Trusted Root Certificate Authority. The company says this will happen from May 9, 2021 at 4PM PT.

Microsoft is not making a big deal of this move, and describes it as “uneventful”. That's because the company already tested all the major apps. Still, the company is urging enterprise customers to also make the switch:

“Manually installed enterprise or self-signed SHA-1 certificates will not be impacted; however we strongly encourage your organization to move to SHA-2 if you have not done so already.”

Tip of the day:

Did you know that your data and privacy might be at risk if you run without encryption? A bootable USB with a live-linux distribution is often just enough to gain access to all of your files.

If you want to change that, check out our detailed BitLocker guide where we show you how to turn on encryption for your system disk or any other drive you might be using in your computer.

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News