“Secure Email” is a salesforce native application that allows the customer to send and receive encrypted emails inside the salesforce. It’s all about security, encryption, and ease of use. The standard salesforce emails are not secured by nature(in transit and at rest).
...
In a typical configuration Microsoft will attempt to send email using Transport Layer Security (TLS). This may result in TLS 1.2 or higher being used however if the recipient server does not support them then an older less secure protocol may be agreed on. If the recipient email server does not support SSL/TLS the mail will be delivered without transport layer security.
It is possible to configure Microsoft to require TLS for delivery however when this requirement is in place recipients that do not meet the requirement will not receive the email. This can happen when TLS is not supported but also if there is a temporary error state such as a misconfigured server in a cluster. Additionally the customer would have to discuss with Microsoft if the resulting configuration was covered by the Microsoft BAA for HIPAA compliance.
A key value add with Paubox is that we allow HIPAA compliant email delivery even when a recipient email server can not establish a TLS 1.2 or better connection. In that scenario we send the Secure Message Link so the mail may be received in the Secure Message Center and maintain HIPAA compliance event when TLS is not supported by the recipient or their server experiences an error preventing the TLS connection.
This is general answer and configuration can depend on broad range of configurations offered by Microsoft.
...