You can use transport rules to cook up something that might work, but there are major downsides to such approach. Most importantly, any message that you reject will never be delivered (i.e. the sender server will not try to resend it say on Monday morning). Some organizations opt to include a disclaimer in the message, instead of blocking it outright. Moderation is also an option... but not realistic for any organization of size.
Another option is to block user's access to the service instead, i.e. set their account status to Blocked. Similarly, you can disable only access to Exchange Online, by means of configuring a CA policy, or toggling the protocol settings. This has the downside of causing annoying prompts from the various apps that users might have configured their accounts on.
Yet another alternative is to configure restrictions on the client side, but that assumes all the devices are managed. Outlook add-ins might also help.