Security needs true randomness, as you can see in content.wuala.com/.../Security%20needs%20True%20Randomness.pdf

Since true randomness is not supported by Microsoft, a "change in the approach" could start by supporting this must have requirement for security.