Your Outlook 2013 or 2016 is disabling the encryption add-in at start up. This happens because Outlook thinks the COM add-in loads too slow, this can cause critical add-in to be turned off, like it is the case of the encryption add-in.

Via a registry key we can tell Outlook to not disable the add-in, hence forcing it to allways load it. This can be applied via GPO, also anyone may also be able to add the key if registry edits are allowed.

1. Find the add-in name:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\nn.0\Outlook\Addins (nn = your version of Outlook)

The add-in name will start with GatewayEncrypt, in a 32-bit Outlook it will show as GatewayEncrypt.Connect.

2. Edit the registry key (GPO mode)

Outlook 2016

HKEY_CURRENT_USER\Software\Policies\Microsoft\office\16.0\outlook\resiliency\addinlist
RG_SZ= add-in name
Value = 1

Outlook 2013

HKEY_CURRENT_USER\Software\Policies\Microsoft\office\15.0\outlook\resiliency\addinlist
RG_SZ= add-in name
Value = 1

Values as follows:
0 = always disabled (blocked)
1 = always enabled
2 = configurable by the user and not blocked by the "Block all unmanaged add-ins" policy setting when enabled

OR

3. Edit the registry key (user mode)

Outlook 2016

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Resiliency\DoNotDisableAddinList
RG_SZ= add-in name
Value = 1

Outlook 2013

HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Resiliency\DoNotDisableAddinList
RG_SZ= add-in name
Value = 1

More info: https://msdn.microsoft.com/en-us/VBA/Outlook-VBA/articles/support-for-keeping-add-ins-enabled