Based on the Microsoft documentation here:
A message is encrypted, or transformed from plain text into unreadable
ciphertext, either on the sender’s machine, or by a central server
while the message is in transit.
and the following here:
Are Office 365 encrypted messages stored in the cloud or on Microsoft
servers?
No, the encrypted messages are kept on the recipient’s email system,
and when the recipient opens the message, it is temporarily posted for
viewing on Office 365 servers. The messages are not stored there.
and here:
Can I read the encrypted messages over mobile devices?
Yes, you can view messages on Android and iOS by downloading the OME
Viewer apps from the Google Play store and the Apple App store. Open
the HTML attachment in the OME Viewer app and then follow the
instructions to open your encrypted message. For other mobile devices,
you can open the HTML attachment as long as your mail client supports
Form Post.
and the following here:
To view encrypted messages, recipients can either get a one-time
passcode, sign in with a Microsoft account, or sign in with a work or
school account associated with Office 365.
and this here:
Encrypted messages can be viewed on any client device, as long as the HTML attachment can be opened in a modern browser that supports Form Post.
and important this here:
During the decryption process, the encrypted mail you receive will not
be stored by the Portal; it will not be transmitted outside the Portal
at any time.
I would say that there is no option to use EWS to read such emails as that would be totally against what Microsoft wrote above. Because then the Administrator can bypass the encryption which isn´t possible without having the users password. So I would assume that EWS has the same restrictions as an Administrator and therefore isn´t able to perform that.
However as Office 365 Message Encryption uses Rights Management Services (RMS) as its encryption infrastructure (see here) you might wish to check what you can build on RMS.
