Use the Secure transport (TLS) compliance setting to require mail to be transmitted via a secure connection when users correspond with specific domains and email addresses.

You can configure this setting for both inbound and outbound mail. If TLS is not available at a domain that you specify in this setting, inbound mail will be rejected and outbound mail will not be transmitted.

Similar to other email security settings, the Secure transport (TLS) compliance setting applies to all users in an organizational unit. Users within child organizational units inherit the settings you create for the parent organization.

To set up TLS compliance settings for your domain or organizational unit:

1. Sign in to the Google Admin console. 
2. Do one of the following:
   • In the classic Admin console, click Settings > Gmail.
   • In the new Admin console, click Google Apps > Gmail > Advanced settings.
     ^{Where is it? Which Admin console do I have?}
    
   
   
3. In the Organizations section near the top of the page, highlight your domain or the organizational unit for which you want to configure settings (see Configure email settings for an organizational unit for more details).
   
   
4. Scroll down to the Secure transport (TLS) compliance section:
   
   
   • If the setting's status is Not configured yet, click the Configure button near the right edge of the window (the Add setting dialog box opens).
   • If the setting's status is Locally applied or Inherited, click Edit to edit an existing setting (the Edit setting dialog box appears), or click Add another to add a new setting (the Add setting dialog box appears).
     
     
5. Click Add description to enter a short description that will appear in the setting's summary.
   
   
6. To configure this setting for both inbound and outbound mail, leave the Inbound and Outbound checkboxes selected.
   
   Note: Inbound messages are messages received by your users from senders outside the set of domains associated with your company or organization. Outbound messages are messages sent by your users to recipients outside the set of domains associated with your company or organization.
   
   
7. To specify the list of domains and/or email addresses that require TLS delivery, click Add or create a new one:
   
   
   • Enter a name for your new list in the Create new list field.
   • Click Create.
   • Move your pointer over the list name, and click Edit.
   • Click Add.
   • Enter comma or space delimited email addresses or domain names.
   • Click Save.
     
     
8. When you are finished making changes, click Add setting or Save to close the dialog box.
   
   Note: Any settings you add will be highlighted on the Email settings page.
   
   
9. Click Save changes at the bottom of the Email settings page.