This is the scenario, you want to enable forced TLS on all messages you send through Office 365 / Exchange Online with a partner Organization.
The quickest way to do this, is by PowerShell.
First, you create a new inbound connector.
New-InboundConnector -Name "Contoso Inbound Connector" -SenderDomains *.contoso.com -RequireTls $true
Second, you create a new outbound connector.
New-OutboundConnector -Name "Contoso Outbound Connector" -RecipientDomains *.contoso.com -TlsSettings CertificateValidation
This enables all the settings you need in Office 365 for requiring only use of TLS on all email messages between your organization and your partner organization.
Of course, the partner organization also need to set up this in their environment as well.
Important to note, it will take some time before this actually is activated in Office 365 after you have created the connectors. From my own experience, it will be working within 15 minutes.
You can test the setup by using tools from this webpage: http://www.checktls.com
//xostmoen – Alexander Østmoen