The Transport Layer Security (TLS) protocol provides safe and private communication by generating a unique key for symmetric encryption so that the information cannot be read or modified by third parties. It also allows you to authenticate one or both servers using public-key cryptography (certificates). To set this up, hover over the section and click CONFIGURE:

Start by writing the usual short description for this setup and, in the first field, select whether you want to target inbound or outbound messages. You can also choose to only use it for outbound messages when required by another setting:

In the second field, you can select or create the address lists where Gmail will be using TLS:

If you enable the last option, Gmail will require the receiving server to provide a valid certificate signed by a certificate authority. This is done to prevent fake third-party servers from pretending to be one of your team's contacts: