I've noticed this at most customers using opportunistic TLS. Gmail is going to establish TLS and you won't be able to monitor it at the network egress point.
You might consider an additional span for SMTP at the point in the network between Exchange and your MTA, before TLS is established. I've had a few customers do that successfully. It might have other implications that you'll need to deal with, however. For instance, you might have to disable TLS between Exchange and the MTA if it's enabled (and you're willing to do that).
Otherwise, you'd need SMTP Prevent (configured for TLS), or Endpoint (inspecting mail at the Outlook client level before any TLS ever happens).