As an admin in an enterprise setup, I wouldn’t mind this functionality as long as the admin can disallow this in the settings.
Obviously, it would only apply to private messages sent after the option became activated. And users would need to be informed that their messages won’t be encrypted before sending their first message, to balance the needs of the enterprise with the privacy expectations of the users.