Your company has an Exchange Server 2016 organization and a Microsoft Office 365 subscription configured in a hybrid deployment.
You configure the synchronization of on-premises Active Directory accounts to Office 365.
All users connect to email services by using Outlook 2016.
You plan to deploy Office 365 Message Encryption for the mailboxes of two executives named Exec1 and Exec2. The mailboxes are hosted in Office 365.
You need to recommend which actions must be performed to ensure that all of the email messages sent from Exec1 and Exec2 to any recipient on the Internet are encrypted.
Which two actions should you recommend? Each correct answer presents part of the solution.
A. Deploy Microsoft Azure Rights Management (Azure RMS) to the Office 365 subscription.
B. Deploy Active Directory Rights Management Services (AD RMS) to the network.
C. Run the Set-MsolUserLicense cmdlet.
D. From the Office 365 Exchange admin center, create a rule.
E. Install a certificate on the computer of Exec1 and the computer of Exec2.
F. From the on-premises Exchange admin center, create a transport rule.
I think A,D
transport rule should be done in Office 365
https://blogs.technet.microsoft.com/canitpro/2015/05/19/step-by-step-setup-and-enablement-of-office-365-message-encryption/