Outlook Classic for M365 - File > Encrypt > 'Encrypt-Only' option applies 'Do Not Forward' label?

I recently joined a new company and am helping support their M365 tenant and admin duties.

I'm running into a very weird issue where no recipients can actually read/view the message when we encrypt emails using only 1 specific method (our organization largely uses the Outlook Classic for Microsoft 365 desktop app).

If a user follows this method, for some reason the 'Do Not Forward' label is applied to the encryption, despite specifically selecting 'Encrypt-Only' - it defaults to 'Do Not Forward' every single time:

New Email > File > Encrypt > Encrypt-Only 

Sending emails with this method gives any/all recipients a "You don't have sufficient permissions to open the mail." regardless of where they try to open the email (OWA, Outlook Classic, New Outlook)

Yet, if the user tries this other method below - the proper Encrypt-Only label is applied, and any Outlook client immediately and opens/views the email as you'd expect:

New Email > Options ribbon > Encrypt properly applies the Encrypt-Only label

I verified IRM (Identity Rights Management) is enabled for our tenant:

And encryption tests pass with flying colors:

Ultimately, I'm at a loss for what's going on here and specifically where to check to fix this issue for this 1 specific encryption method.

Poking around in the Purview portal, I'm having a hard time figuring out where these encryption policies/settings lie and how to get this method to stop defaulting to 'Do Not Forward' even though 'Encrypt-Only' is checked.