Hello

If you go to Security & Compliance center ->  click reports section, there is a dashboard mentioning  TLS 1.0 1.1 1.2  mail flows.    Both for incoming and outgoing emails.   These are interactive, so you can drill-down on the sections by clicking on them.

If you want to see list of individual mails, you can trace them from the section "Mail Flow" and the information should be included in an extended trace report.  It's not available in the default summary report.

If you have four mails only without TLS, it's usually something like scan to mailbox solution on a multifunctional printer.

Cheers

Hi

When you perform a message trace with extended details you have a property called "Custom_Data".   That column reflects the type of connection that was used and which version of the protocol was used.   You have to  wait for the report to build for a few minutes, but in there you'll have the information.   :)

Check the screenshot for an example of the output.

Hope this helps you out ...   and if so mark the reply.  

Cheers

David