Saturday, November 8, 2014

Office 365 Message Encryption (OME) Enhancements

Some of you may be familiar with the Office 365 Message Encryption (OME) solution. It has been available in Office 365 for some time and is the successor to Exchange Hosted Encryption (EHE). OME is a slick solution that lets administrators use rules and policy to encrypt email that is leaving the organization. The encryption policy is simply added as an action on a transport rule. When a message goes external, the recipient is given a simple user experience to open the encrypted message. To date, the external recipient had to authenticate to access the message, either with their Office 365 ID (if they are an existing Office 365 user) or with a Microsoft Account, which is free and anyone can sign up for.

This past month, Office 365 modified the offering so that external recipients can now open an encrypted message with a One-Time Passcode instead. The recipient does not need a Microsoft Account at all. This adds a lot of flexibility when sending encrypted messages externally. The external recipient simply selects the option to view the message with a one-time passcode, and the passcode is emailed to them separately. Keep in mind that the passcode goes to the same mailbox the message was sent to, so it proves control of that mailbox rather than any stronger identity. If your organization does not want this option, it can be turned off through PowerShell.
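Here is how both pieces described above look from PowerShell: a transport rule that applies OME to outbound mail, and the switch that turns the one-time passcode option off again. This is an added example, not code from the original post or from Microsoft's documentation. It assumes an Exchange Online remote PowerShell session is already open (the 2014-style New-PSSession/Import-PSSession against outlook.office365.com, or today's Connect-ExchangeOnline), and the rule name and the "Confidential" keyword are hypothetical values you would replace with your own policy.

```powershell
# Added example (not from the original post). Assumes an Exchange Online
# PowerShell session is already established. The rule name and the
# "Confidential" keyword below are hypothetical placeholders.

$ruleName = "Encrypt external mail marked Confidential"   # hypothetical

# 1. Transport rule: for messages leaving the organization whose subject or
#    body carries the keyword, apply Office 365 Message Encryption.
#    -ApplyOME is the rule action that triggers OME.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -SentToScope NotInOrganization `
        -SubjectOrBodyContainsWords "Confidential" `
        -ApplyOME $true
}

# 2. Check that the rule exists, is enabled, and carries the OME action.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, SentToScope, SubjectOrBodyContainsWords, ApplyOME

# 3. One-time passcode sign-in: look at the current tenant setting first.
#    "OME Configuration" is the default OME configuration identity.
Get-OMEConfiguration | Format-List Identity, OTPEnabled

# 4. Disable the passcode option so external recipients must sign in with an
#    Office 365 ID or a Microsoft Account instead.
Set-OMEConfiguration -Identity "OME Configuration" -OTPEnabled $false

# 5. Verify the change took effect before relying on it.
$otp = (Get-OMEConfiguration -Identity "OME Configuration").OTPEnabled
if ($otp) {
    Write-Warning "OTPEnabled is still true; the change did not apply."
} else {
    Write-Output "One-time passcode sign-in is disabled for OME."
}
```

The rule is created idempotently so the script can be re-run safely, and the configuration is read back after the change rather than trusting that the Set cmdlet succeeded. To restore the passcode option, run the same Set-OMEConfiguration command with -OTPEnabled $true.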

Remember that OME is not the only type of encryption available in Office 365. I typically put encryption into three buckets. There is encryption in transit, provided by TLS (and its predecessor SSL) between mail servers and clients. There is encryption at rest, provided by BitLocker on the servers that store the data. Finally there is payload (message-level) encryption, for which you can use OME, Information Rights Management (AD RMS) or S/MIME. Only the third bucket protects the message itself once it has been delivered; the first two protect the wire and the disk, not the recipient's copy.

