Yes, that TLSSenderCertificateName attribute only comes into play when TLS is forced.
In a hybrid environment, you force TLS
Exchange on-prem will send messages using TLS and Exchange Online will use TLS by default as well - so you are covered.
THe only way it wont would be using a SMTP relay that doesnt support TLS or you created a connector that disabled that.