We were waiting it for a long time, it’s now available in self-service mode within “Manage your domain” settings. Go to “Domain Settings”, then “General”, and you will see the SSL checkbox:
This will enforce the HTTPS:// protocol for your URLs, even if you typed HTTP://.
This is a great feature, because we have seen users which contacts lists have been hacked, when using for example public wifi connexions.
Google solves the problem offering this security feature, and we advise you to immediately check this option for all your domains. But it is only available for premium and education Google Apps editions.
For those who are running Google Apps free edition, we recommend you to type yourself your URLs as HTTPS, and keep them like this in your bookmarks. All the following navigation through the Google Apps services will remain HTTPS. You can also use the firefox add-on, Better GMail 2, to enforce specifically GMail.
PS: keep in mind that if you invite an external user to your domain, this enforcement will not be active. This external user will be available to use HTTP URLs. We hope Google will enforce this very soon also.