Private SharePoint sites accessed via a short name like
http://mysharepoint/ are automatically placed in the “Intranet” security zone by Internet Explorer. This allows Automatic Single Sign-On (SSO) with Windows Integrated Authentication for Domain Users on Domain Computers.
If your SharePoint is accessed via the Fully Qualified Domain Name (FQDN) – for example when connecting from home using SSL over the Internet, Internet Explorer will NOT automatically log you in by default because it places the site in the default “Internet” security zone.
To fix this, you need to tell Internet Explorer that the public-facing secure URL of your SharePoint site belongs in the Intranet Zone (allowing automatic sign-on). You do this by adding the public SharePoint URL to your IE Security Settings under the Intranet Zone section. The URL might be something like
See the following article for a discussion of why you should use the Intranet Zone rather than the Trusted Sites Zone for SharePoint. My summary: use the Intranet zone to make SharePoint behave the SAME on both the Short (Auto-Detected Intranet Zone) URL and Fully Qualified URL (Manually Specified Intranet Zone).
I may not like the implementation of these “Security Zones” as provided to us by Microsoft in Internet Explorer, but they’re built-in and this is something we must understand work with if we’re supporting the IE browser.