I am trying to ensure that all my users have the encryption settings enabled and have 2 issues.

1 - they seem to have to enable this manually as it is personalized with their certificates (is there any way to enable or force this via GPO or some other mechanism)

2 - I do not know what percentage of users have actually done this or are using encryption... does anyone know how I could run a query or script that would allow me to gather this information either from exchange or the Certificate Authority

Since the public key is available there must be a way to check but ...