No one has responded to this discussion for at least a year, so this information may be out of date. If you're looking for information about this topic, please search for a more recent discussion or post a new question.

HTTPS SharePoint

  • Hi,

    I tried to access Office 365 SharePoiint using HTTPS instead of HTTP. Except for the login I always fall back to http. With BPOS SharePoint access was always secured with https. Did I miss some configuration or is https not yet available?


    Mr. IW

  • same for my O365 for SMB offer.

    I don't see any place in the O365 for SMB admin interface or Sharepoint admin interface where SSL could be enabled or disabled

  • I am also seeing this.  SharePoint with SSL isn't very useful.  Hopefully this can be enabled.

  • SSL is not available currently with SMB accounts. Madness i know but lets hope they see common sense to change this. but dont exepct this during beta.

  • This is a show stopper.  How could you recommend Office 365 to any small business in good faith knowing that the data is not encrypted?  Does Microsoft have an official response to this yet?

  • Hi guys..

    I would just like to add my voice to this as well.  SSL on sharepoint is really essential for me too, lets hope MS adds this...

  • Fully agree with the above points. MS are encouraging users, including one man bands who are out on the road using public wifi to store their data in the Cloud/Office 365 and yet not providing basic security like SSL; this at a time when cloud security is a big thing, and MS are promoting themselves as a security concious company. Biggest single weakness I have found so far in my evaluation. Horror stories like the current Sony fiasco are sensitising even the most technical/security unaware user to the need for encrpytion.

  • remmeber that the Auth is forms Auth over SSL, so on the transimssion of documents to a from the hosting is in the clear or at least celar unencrypted. its not like Docs are plain text any more, but i still have to agree is stuipd to think that any SMB will pay for these types of services with out some of the most basic transimssion encription esp when you consider the public nature of wifi spots as previously mentioned.

  • I agree, was looking good until I noticed SharePoint was http only even after adding your own domain name to it and setting it as the default, I liked that I could create a list and link/replicate it in Access 2010 however again unsecure data transmission so 365 is useless to me unless it goes HTTPS like already is, silly things like security which mean we are still stuck with expensive on-premise solutions :/

  • I really don't understand what the design can be thinking on this one. Most documents are even more sensitive than emails for any business - contracts, acccounts, etc.

    This is a showstopper for me also, beta or not, makes no difference to me, it's equally important.

    Does anyone have any definitive dates as to if / when SSL will be available on sharepoint?

  • Just to add a point I'd forgotten earlier, for a one-man band / consultant, they'd surprisingly be more secure using Skydrive which DOES use SSL !  For documents storage and sharing it is actually more user-friendly than sharepoint. If you use the email the downside is that you can't use your own domain, although the account can "sent on behalf of" which may be acceptable for many individual professionals possibly?

  • I agree.  Personally, I will continue to use SkyDrive for sensitive documents instead of SharePoint for just this reason.

    I think the root of this problem is that Office 365 small biz is also designed to be your public website, so it has to be set to HTTPS, not HTTP.  I don't think you can have certain parts of a SharePoint site set to HTTPS and other parts of the same site set to HTTP.  So what they would need to do is one of the following:

    (1) Allow an Office 365 small biz customer to set their SharePoint site to HTTPS only, which would restrict them from using their own domain (because that would get into certificate issues), and essentially would turn off the ability for this site to be their public website.


    (2) Allow an Office 365 small biz customer to create a SECOND SharePoint site which is set to HTTPS.


    (3) When a SharePoint site is set to a custom domain, set it to HTTP-only.  When a SharePoint site is left to point to, set it to HTTPS-only.

  • SharePoint without SSL is a show stopper for me as well.  Not only are sensitive documents insecure, it makes integration with Windows Phone 7 impossible.  This makes it pointless to test the beta. Anyone can get email these days for free or cheap, document portability and security is much more important.

  • a possible option (4) to John Pattison's ideas would be to simply allow the upload of an SSL Cert for your custom domain (at cost of course), what harm could that do? I understand that it may be a technical nightmare for Microsoft to implement but it would solve all the issues? people would still have to forego the mix of HTTP and HTTPS unless you are happy for visitors to get the warnings when switching but such is life, I would choose HTTPS over HTTP for what I want to use it for (accessing SharePoint with other technologies like Designer, Access or a custom C# app).  Also has anyone had any trouble with other services like Windows Live Messenger, it wont let me login while I am logged into 365 with my new (temporary beta) account, is this expected behaviour/limitation!?.

  • one more voice. was reviewing to move my company to 365, but this will stop me as well. sharepoint for the company is a great tool, but if it's not secure i can't put anything of value on it ( sharing docs, work lists, etc. with my teams ).

    and to vote - if I had to do all HTTPS on my domain to get it, i'd gladly go that route.