I don't want to require the use of TLS 1.2 in Exchange online/O365 as it might result in some important business email not being sent/received.
So has anyone found a way to actually encrypt all in/out going emails with e.g. Office 365 Message Encryption (OME) to ensure it is encrypted, if not using TLS.
Firstly I would like to clarify that TLS doesn't encrypt the message, just the connection. If you want to encrypt the message, use an encryption technology that encrypts the message contents. For example, you can use Microsoft Purview Message Encryption or S/MIME.
You mentioned that some important business email not being sent/received, how did you confirm this issue is caused by TLS? By default, Exchange Online always uses opportunistic TLS. Opportunistic TLS means Exchange Online always tries to encrypt connections with the most secure version of TLS first, then works its way down the list of TLS ciphers until it finds one on which both parties can agree. Unless you have configured Exchange Online to ensure that messages to that recipient must use secure connections, then by default the message will be sent without encryption if the recipient organization doesn't support TLS encryption. Please refer to the document: How Exchange Online uses TLS to secure email connections - Microsoft Purview (compliance) | Microsoft Learn
