Hi, @Lim Chong Sun
In this article you can check in details the Hybrid Modern Authentication.
https://learn.microsoft.com/en-us/microsoft-365/enterprise/hybrid-modern-auth-overview?view=o365-worldwide
You cannot block the Conditional Access to legacy authentication because the Conditional Access works only on Modern Authentication, or in this case Hybrid Modern Authentication.
When you enable the Hybrid Modern Authentication, its for all your Exchange Organization, not to one or other user.
After enabled, the Hybrid Modern Authentication depends on clients and protocols support to work, like Outlook 2013 and MAPI over HTTP. So, if the user have the minimum requirements to use HMA and the HMA its enabled in your environment it works, otherwise, the user still using legacy authentication regardless of whether the user uses EXO or EXCH.
Hope this helps.
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards,
Kllin Nunes