Microsoft isnt making anyone pay. Yes you can secure two endpoints with SSL but withouth a trusted authority (verisign, etc) then the certificates are meaningless, as noted already. Anyone can spoof their certificates to be anyone else with no verification - not very secure for end users, who might think they are buying something over a secure channel that really is some other site.