In the previous versions of CRM, when you put it into IFD mode and added a HTTPS binding to the IIS website, users could still hit the HTTP binding and be directed to ADFS for authentication and back to the CRM on HTTPS after authentication had taken place. In CRM 2016 it no longer has this functionality. It also seems that not many people knew about this functionality, including some at Microsoft.

To resolve this issue whack this

<rule name="HTTP to HTTPS redirect" enabled="true" stopProcessing="true">
    <match url="(.*)" />
    <conditions>
        <add input="{HTTPS}" pattern="off" />
    </conditions>
    <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" redirectType="Found" />
</rule>

in the top of the section called

<rewrite>
    <rules>

in the web.config of the CRM website.
It's not supported but it will get the much more useful functionality back.

If you install an update roll up it may wipe this entry from the web.config file.