No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

HTTPS SharePoint

  • This post has 44 Replies |
  • 32 Followers
  • same for my O365 for SMB offer.

    I don't see any place in the O365 for SMB admin interface or Sharepoint admin interface where SSL could be enabled or disabled

  • I am also seeing this.  SharePoint with SSL isn't very useful.  Hopefully this can be enabled.

  • SSL is not available currently with SMB accounts. Madness i know but lets hope they see common sense to change this. but dont exepct this during beta.

  • This is a show stopper.  How could you recommend Office 365 to any small business in good faith knowing that the data is not encrypted?  Does Microsoft have an official response to this yet?

  • Hi guys..

    I would just like to add my voice to this as well.  SSL on sharepoint is really essential for me too, lets hope MS adds this...

  • Fully agree with the above points. MS are encouraging users, including one man bands who are out on the road using public wifi to store their data in the Cloud/Office 365 and yet not providing basic security like SSL; this at a time when cloud security is a big thing, and MS are promoting themselves as a security concious company. Biggest single weakness I have found so far in my evaluation. Horror stories like the current Sony fiasco are sensitising even the most technical/security unaware user to the need for encrpytion.

  • remmeber that the Auth is forms Auth over SSL, so on the transimssion of documents to a from the hosting is in the clear or at least celar unencrypted. its not like Docs are plain text any more, but i still have to agree is stuipd to think that any SMB will pay for these types of services with out some of the most basic transimssion encription esp when you consider the public nature of wifi spots as previously mentioned.

  • I agree, was looking good until I noticed SharePoint was http only even after adding your own domain name to it and setting it as the default, I liked that I could create a list and link/replicate it in Access 2010 however again unsecure data transmission so 365 is useless to me unless it goes HTTPS like oultook.com already is, silly things like security which mean we are still stuck with expensive on-premise solutions :/

  • I really don't understand what the design can be thinking on this one. Most documents are even more sensitive than emails for any business - contracts, acccounts, etc.

    This is a showstopper for me also, beta or not, makes no difference to me, it's equally important.

    Does anyone have any definitive dates as to if / when SSL will be available on sharepoint?

  • Just to add a point I'd forgotten earlier, for a one-man band / consultant, they'd surprisingly be more secure using Skydrive which DOES use SSL !  For documents storage and sharing it is actually more user-friendly than sharepoint. If you use the email the downside is that you can't use your own domain, although the account can "sent on behalf of you@yourdomain.com" which may be acceptable for many individual professionals possibly?

  • I agree.  Personally, I will continue to use SkyDrive for sensitive documents instead of SharePoint for just this reason.

    I think the root of this problem is that Office 365 small biz is also designed to be your public website, so it has to be set to HTTPS, not HTTP.  I don't think you can have certain parts of a SharePoint site set to HTTPS and other parts of the same site set to HTTP.  So what they would need to do is one of the following:

    (1) Allow an Office 365 small biz customer to set their SharePoint site to HTTPS only, which would restrict them from using their own domain (because that would get into certificate issues), and essentially would turn off the ability for this site to be their public website.

    -or-

    (2) Allow an Office 365 small biz customer to create a SECOND SharePoint site which is set to HTTPS.

    -or-

    (3) When a SharePoint site is set to a custom domain, set it to HTTP-only.  When a SharePoint site is left to point to something.onmicrosoft.com, set it to HTTPS-only.

  • SharePoint without SSL is a show stopper for me as well.  Not only are sensitive documents insecure, it makes integration with Windows Phone 7 impossible.  This makes it pointless to test the beta. Anyone can get email these days for free or cheap, document portability and security is much more important.

  • a possible option (4) to John Pattison's ideas would be to simply allow the upload of an SSL Cert for your custom domain (at cost of course), what harm could that do? I understand that it may be a technical nightmare for Microsoft to implement but it would solve all the issues? people would still have to forego the mix of HTTP and HTTPS unless you are happy for visitors to get the warnings when switching but such is life, I would choose HTTPS over HTTP for what I want to use it for (accessing SharePoint with other technologies like Designer, Access or a custom C# app).  Also has anyone had any trouble with other services like Windows Live Messenger, it wont let me login while I am logged into 365 with my new (temporary beta) account, is this expected behaviour/limitation!?.

  • one more voice. was reviewing to move my company to 365, but this will stop me as well. sharepoint for the company is a great tool, but if it's not secure i can't put anything of value on it ( sharing docs, work lists, etc. with my teams ).

    and to vote - if I had to do all HTTPS on my domain to get it, i'd gladly go that route.

  • Yep, have to see I was shocked when I got into Beta and found this. I have absolutely zero interest in a service that isn't encrypted - is this the intention for release or just due to the beta stage we're at?

  • My newer E3 account is all https (except public bits).

    https://domain.sharepoint.com  

    http://domain-web.sharepoint.com 

    My P1 set up in November is all http. This makes no sense to me. Even OLSB gave you the option of enforcing ssl for the Sharepoint areas. Another feature that's been disabled for no good reason.


    http://webbrewers.com/   |     |  Get more out of Office 365

  • let’s hope this is not the intention, simply madness doesn’t come close. We need more people to register their thoughts on this thread though, the more ppl register their discontent with a sub std service and maybe they will start to look at a solution.

    we can only hope this was a mistake by a PM who really didn’t think this through very well.

  • Well I am going to post my concern again here and then in as many forum threads as I can.  I was planning on recommending Office365 small business to several customers and potential customers.  I cannot now.  Unencrypted transfer of proprietary business documents and information?  Please Microsoft, rethink this "strategy".
  • I figured I would add to this post after I discovered that the "My Site" associated with Office365 Small Business does use HTTPS so maybe Microsoft intends for the SharePoint team site to be HTTPS but just hasn't figured it out yet.  Of course the My Site is a different host name of https://customhost-my.sharepoint.com/.

     

    It would sure be nice to hear from someone at Microsoft on this issue.

  • @JimStrive Sorry if this is an obvious question but I'm new to Office 365, but what is the 'My Site' and where do you get at it?  I can't seem to get any part of sharepoint to use https so I'm interested to know exactly which part you have which does work.

    Thanks

  • Hello

    all communication between a client and Office 365 services (Exchange, SharePoint or Lync) are encrypted

    It is possible to enter an HTTP URL for reaching Office 365 services, this will be automatically redirected to HTTPS communication

    You can check the following list which provides TCP communication ports used by Office 365 services

    blog.hametbenoit.info/.../Post.aspx

    Benoit HAMET

    Senior Solutions Architect

    MVP Office 365 - MCITP Office 365 - Microsoft Community Contributor

    Blog - Twitter

  • Hello Benoit,

    That's not the case for P1 plans though is it because as people have been discussing here https is only used for sign in for sharepoint and then returns to unencrypted mode for general use of the sharepoint site, or am I missing something?

  • no you are not missing any thing there, Benoit is missing the point clearly.

    how ever it is only sharepoint that is unencrypted, Exchange and Lync still use SSL and TLS services from what I can see.

  • Thanks Mark..  I knew the others are encrypted, I really wish someone from Microsoft would comment on this...

  • For me too the missing SSL is the showstopper!

  • Some feedback I have received today from Microsoft UK on this topic, as a result of a question I put during a webcast yeaterday. I have to give the UK guys credit for taking the subject up and coming straight back to me. No date, but at least it shows MS have reviewed the design decision and are going in the direction:

    I spoke to the product team overnight, and you’re absolutely right – we don’t use HTTPS for the Office 365 Small Business Plan.  We made this decision for simplicity and usability. In SharePoint Online for small business, there is user name & password protection security for intranet level team site(s) (the sign in process does use HTTPS). Per the early feedback we are receiving, Microsoft is in design planning to bring https:// to the SharePoint Online for small business offering in a future update.

  • Thanks for the post Roger, that usre is good news and lets hope its not going to be too long before they roll out this change.

  • +1 for https on sharepoint for small business.

  • Excellent news. Fact that such a mistake was made is a bit frightening though.

  • That's good news, I still find it a little scary that they made this design decision in the first place, small business users need as much help as they can get with security

  • No SSL on SharePoint is a showstopper for us as well.  We were preparing to move into the Office 365 beta but luckly caught this beforehand.  Ironically, the lack of SSL on SharePoint was the reason we moved to BPOS from Sherweb in the first place.  

     

    Lack of SSL on the forums is also a foul.  What happened to Bill Gate's "Security First" initiative.  Do I really want everyone in the coffee shop reading my posts, capturing my handle, and learning my personal information required at forum signup?  This is a no brainer.  Even the competing Google permits SSL on the most basic of functionality, such as search, docs, etc. 

  • I was just about migrate my company from Google Apps, to M365 but found this BIG issue. It is not possible to run a secure Sharepoint based intranet with no HTTPS availability at all.

    I will be following up and appreciate any further news from you guys.

    Cheers.

  • I was looking forward to migrate everything that can be done online to Office365 too.  It is a sure show stopper without the SSL.  If I'm paying for it, I want SSL.  

  • I just signed up for Office 365 (I was a beta) but I beleive can cancel given that there is no encryption.

    Another question:  Does Microsoft have the right to use my information on O365 for their own purposes?  Remember the HotMail debacle in which MS could (and did) piraate the user's email contents for their own purposes.  Egad - this looks like a product killer (as well as a deal killer for o365!)

  • Is skydrive also scheduled to be discontinued as with Office Live?  Is it just me or does it seems like Office 365 is just an attempt to get some sort of product in the cloud space?  Seems like some watered down version of Office Live and Hot mail, Windows Messenger and Sharepoint mixed together.

  • John,

    Get an E account and you get HTTPS, it only the P1 that does not have it.

    Hope this helps

     

    Robert

     

  • Roger, this is great news but it is now August and 365 is live. I have just logged back into my trail account to see if it is fixed and...........no.... :(

    Anyone know when this might be fixed. not using it until it is.

  • I am new to Office365, well relatively new.

    I read with great excitement about sharing lists and data on sharepoint and thought it might be the answer to multi person data entry/ reading for us.

    Small business need SSL too, data is data and I think this is a basic level feature that should be turned on by default

    thanks to everyone who posted this useful content.

    Microsoft, this is a great product, but SSL is needed urgently, please make it better... :-)  Many thanks

  • Just wanted to add my dissapointment to this thread.  We're 8 years on from the 'Trustworthy Computing' initiative and we have MS deploying a system that cannot  be secured.  God help you if you connect to your documents over WLAN at an IT convention.  Steve Reiley where are you :)

    Won't be converting my trial to a paid subscription

  • I am dissapointed on how long it is takig to implement this. This is a requirement for any business even if it is one person if you want to be able to store any kind of business information. I have been trackig this since May.

    I may have to drop Office 365 and go back to Google Apps so that  can actually use the online storage.

  • Any updates?  At least put this in the service descriptions so we are not giving the wrong impression to our customers!

  • Please someone from Microsoft respond.  I know that you don't give out dates for releases etc.  But could you give us a time frame for when HTTPS will be put in for SharePoint in the P1 plan?  I am losing customers to SkyDrive (of all things) because I can't in good conscience recommend the P1 plan knowing that data transfer is not secure.  Don't get me wrong, it's a great product otherwise but the SharePoint part is unusable without HTTPS.  Thank you.

  • I'm in the same boat P1 SharePoint without SSL is pointless.  Also remember in E1 you can't edit files with Office Web Apps.  You need E2 in order to edit.  So now you are looking $16 per month instead of $6.

    The Email only plan for $5 a month plus SkyDrive looks like the way to go.  Even SkyDrive uses SSL!!

  • The fun is that the lack of SSL breaks functionality within Windows Phone 7 as well, and you can't upgrade from a P1 plan (SME up to 50 users) to an E plan.

Page 1 of 3 (45 items) 1|2|3|