This should be worth more than points, but here goes.
I have a client who does business with law enforcement and the military. This company is currently using gsuite for email. The owner saw a documentary about how google mines his emails for data to sell to third parties and he went ballistic. To prove the point, we created a new account in gsuite and sent out a couple of emails referencing a fictitious camera by make and model, and we threw in a lens by size. Within about three minutes, we were receiving ads for this make of camera and lens. Then, within about five mins, we started getting promo email in the mailbox from B&H photo and others about that make of camera and lens. The specific model we used wasn't referenced, but that make was. So, it was clear to him that google is mining the email and he doesn't like it. That's a lot of typing to say we want to change email providers.
So, the owner reads about Proton mail and I do some research. I'm not liking the mail living in the cloud and I'm not excited about the mail living in another country either.
In my mind, if you really want to own your email, you need to host it on prem and exchange is the way to go. I only say that because I'm an exchange guru. So, the question becomes, if I host the mail in house, on exchange, can I encrypt it? IF yes, how? Do I use an appliance like Barracuda or what?
Looking for some feedback on options here. Options for encrypting email sent by exchange.