How to redirect an HTTP connection to HTTPS for Outlook Web Access clients and how to redirect the Default Web Site to point to the Exchange virtual directory

This article describes how to automatically redirect an HTTP connection to an HTTPS connection in the Internet Information Services console (IIS) for Microsoft Office Outlook Web Access (OWA) users. This article also describes how to modify the IIS Default Web Site so that clients can access the Outlook Web Access logon page by typing only http:// instead of typing http:///exchange.

We recommend that you require a Secure Sockets Layer (SSL) connection for your OWA users. An SSL connection encrypts the information that is sent to or received from the Microsoft Exchange Server computer. However, when you configure IIS to require SSL for all incoming OWA requests, OWA users who try to connect by using HTTP receive the following error message:

HTTP 403.4 - Forbidden:
SSL required
Internet Information Services

After the OWA user receives the error message, the user must manually type https:// at the start of the URL to connect to the Exchange Server computer. You may want to configure IIS to automatically redirect the OWA user's HTTP request to HTTPS to minimize user interaction and to make sure that all incoming requests are enabled for SSL.