By default the TFS setup creates on your IIS Default Web Site an application named TFS. In most setups I’ve seen so far, the used IIS is only used by TFS so why not use HTTP Redirect for your TFS application?
The typical scenario looks somehow like this:
TFS is installed on a virtual machine, inside Default Web Site, nothing else installed on Default Web Site.
DNS-Name is something similar to https://tfs.<domain>.com
TFS webaccess Url is similar to https://tfs.<domain>.com/tfs
If you browse https://tfs.<domain>.com you’ll get an 403 error, not authenticated.
Would be fine if the default domain would redirect to the TFS application like this:
On your Default Web Site go to Http Redirect:
In the screenshot below you can see how the redirect should be configured