Your Outlook 2013 or 2016 is disabling the encryption add-in at start up. This happens because Outlook thinks the COM add-in loads too slow, this can cause critical add-in to be turned off, like it is the case of the encryption add-in.
Via a registry key we can tell Outlook to not disable the add-in, hence forcing it to allways load it. This can be applied via GPO, also anyone may also be able to add the key if registry edits are allowed.
1. Find the add-in name:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\nn.0\Outlook\Addins (nn = your version of Outlook)
The add-in name will start with GatewayEncrypt, in a 32-bit Outlook it will show as GatewayEncrypt.Connect.
2. Edit the registry key (GPO mode)
HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\outlook\resiliency\addinlistRG_SZ= add-in name Value = 1
HKEY_CURRENT_USER\Software\Policies\Microsoft\office\15.0\outlook\resiliency\addinlistRG_SZ= add-in name Value = 1
Values as follows:
0 = always disabled (blocked)
1 = always enabled
2 = configurable by the user and not blocked by the "Block all unmanaged add-ins" policy setting when enabled
3. Edit the registry key (user mode)
HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Resiliency\DoNotDisableAddinListRG_SZ= add-in name Value = 1
HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Resiliency\DoNotDisableAddinListRG_SZ= add-in name Value = 1
More info: https://msdn.microsoft.com/en-us/VBA/Outlook-VBA/articles/support-for-keeping-add-ins-enabled