Thank you for reaching out to us.
I don't believe this is possible. AIP requires at least an O365 E3 license in order to activate AIP/RMS
But assuming that only 1 E3 license is available, only that one person would be able to encrypt data and decrypt it, it would not be available to outside users
Let me know if you have any questions.