Hello @Waleed Waleed!
Welcome to Microsoft QnA!
First, you must enable Modern Authentication.
You can set up Conditional Access Policies or Per User MFA.
You need an Azure Premium P1 License; it is included in most plans.
1. Set up Azure AD Connect: Ensure that Azure AD Connect is installed and configured to synchronize user accounts from your on-premises Active Directory to Azure AD.
2. Enable MFA for Azure AD users: Enable MFA for the user accounts that require MFA. You can enable MFA individually for each user through the Azure portal or in bulk using PowerShell.
3. Configure Conditional Access policies: Create a Conditional Access policy in Azure AD to enforce MFA for Exchange on-premises. The policy should target the specific user group or users and require MFA when accessing Exchange resources.
4. Enable Modern Authentication for Exchange: Ensure that Modern Authentication is enabled on your Exchange servers. Modern Authentication is required for MFA to work with Outlook applications.
5. Configure MFA for Outlook clients: Depending on the Outlook client versions used by your users (e.g., Outlook for Windows, Outlook for Mac, Outlook mobile apps), you can configure the MFA settings accordingly. For Outlook for Windows, you can utilize the "Enable modern authentication" option in the Exchange Online PowerShell module. For Outlook for Mac and mobile apps, MFA is typically enforced by Azure AD, so the user will be prompted to complete the MFA process when accessing their mailbox.
6. Test and monitor: Test the MFA setup by accessing Exchange on-premises resources using Outlook clients. Monitor the authentication logs in Azure AD to ensure that MFA is being enforced as expected.
If you need more assistance, please let us know!
I hope this helps!
Kindly mark the answer as Accepted and Upvote in case it helped!
Regards
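
Steps 3 and 6 of the answer above, sketched with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original answer: it creates the Conditional Access policy in report-only mode and then reads the sign-in log to see how the policy evaluated. The policy name, the angle-bracket placeholders, and the choice of the Office 365 Exchange Online app ID as the policy target are assumptions.

```powershell
# Added example, not from the original answer. Requires the Microsoft.Graph module.
# Values in angle brackets are placeholders; replace them before running.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All',
                        'Application.Read.All','AuditLog.Read.All'

$policyName   = 'Require MFA - Exchange (pilot)'        # hypothetical policy name
$pilotGroupId = '<object-id-of-pilot-group>'            # group targeted in step 3
$breakGlassId = '<object-id-of-emergency-admin>'        # excluded to avoid tenant lockout
$exchangeApp  = '00000002-0000-0ff1-ce00-000000000000'  # Office 365 Exchange Online (assumed target)

# Step 3: require MFA for the pilot group, in report-only mode so nothing is blocked yet.
$body = @{
    displayName   = $policyName
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @($exchangeApp) }
        users          = @{
            includeGroups = @($pilotGroupId)
            excludeUsers  = @($breakGlassId)
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}
New-MgIdentityConditionalAccessPolicy -BodyParameter $body

# Step 6: list the last 24 hours of sign-ins for one pilot user and show
# how this policy evaluated for each of them.
$since  = (Get-Date).ToUniversalTime().AddHours(-24).ToString('yyyy-MM-ddTHH:mm:ssZ')
$upn    = '<pilot-user@example.com>'                     # placeholder test account
$filter = "userPrincipalName eq '$upn' and createdDateTime ge $since"

Get-MgAuditLogSignIn -Filter $filter -Top 50 | ForEach-Object {
    $signIn = $_
    $hit = $signIn.AppliedConditionalAccessPolicies |
           Where-Object DisplayName -eq $policyName
    [pscustomobject]@{
        Time         = $signIn.CreatedDateTime
        App          = $signIn.AppDisplayName
        ClientApp    = $signIn.ClientAppUsed
        PolicyResult = if ($hit) { $hit.Result } else { 'policy not evaluated' }
    }
} | Sort-Object Time | Format-Table -AutoSize
```

In report-only mode the `PolicyResult` column shows values such as `reportOnlySuccess` or `reportOnlyFailure`; once the results look right, change `state` to `enabled` to enforce the policy. Rows whose `ClientApp` is a legacy protocol (for example IMAP4 or Exchange ActiveSync) point to clients that are not using Modern Authentication and therefore cannot complete an MFA prompt.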