Hi,
To my knowledge, supported services for MFA in Exchange on-premise are OWA/ECP. There are various methods to achieve this,
- Using ADFS
- Cloud based - Azure
- Reverse proxy + cloud based - for instance, reverse proxy can be integrated with NPS for RADIUS and using NPS extension on that server for secondary authentication in Azure
- Third party products like PingFederate/Duo and that has the clear documentation on the product itself for configuring MFA for Exchange on-premise
http://msexchangeguru.com/2017/01/16/secure-owa-ecp-with-mfa/
https://practical365.com/exchange-server/exchange-web-services-bypass-multi-factor-authentication/
https://social.msdn.microsoft.com/Forums/en-US/d28e3947-0a19-44d9-b39f-db9a4f6c21f3/mfa-on-premises-exchange-2016?forum=windowsazureactiveauthentication
If the above suggestion is helpful, please click on "Accept Answer" and Upvote it.