Even if there was a flag/bit in a system table you'd still have the possibility of missing some logins, eg:
- you would need to set up a process to periodically poll the system table(s)
- you would miss any login sessions that are brief and occur between your polling intervals
To make 100% sure all sessions are using encryption at login you'll need a means of capturing a history of all login sessions. Under this scenario a couple options come to (my) mind:
- install auditing; configure auditing of logins; disable auditing (uninstall if necessary) once you've completed your verifications
- pass *ALL* connections through a network sniffer that can capture the details necessary to determine if encryption was used at login [NOTE: I don't really recommend this method as it can be quite messy and can adversely affect performance.]