- In OWA we were able to see and use both the Encrypt and Do Not Forward options and then send an email to an external address.
- Sent a test email to my organization email address, which I received, and it was encrypted with the Forward button being greyed out. Hence confirmed that encryption is working as expected.
- Received confirmation from our engineering team that the cmdlet Test-IRMConfiguration has to be executed along with the recipient parameter or else it would fail.
- Checked internally with EXO resources and there were code changes done to that command; if we don't use the -Recipient parameter, it will block creating an ad hoc license without specifying a recipient.
Run Test-IRMConfiguration with the org domain, sender address, and recipient address, and make sure it passes. If it does not show Pass, then something is wrong with the IRM configuration.
Test-IRMConfiguration <Org> -Sender <sender email address> -Recipient <recipient email address>
More information:
Article: https://learn.microsoft.com/en-us/powershell/module/exchange/test-irmconfiguration?view=exchange-ps