Hi @Jamil Saif
Please refer to the discussion in below thread about MFA for on-premise Exchange activesync
Exchange Server 2016 On-Premise and 2FA/MFA
Exchange ActiveSync with Azure AD Application Proxy
For more information about Tutorial: Secure user sign-in events with Azure AD Multi-Factor Authentication
I also see a workaround using Activesync Device Quarantine. All new ActiveSync devices go into a quarantined state until approved by IT. The IT department has to get confirmation from the user that they added the device, and if they had an old device, what was done with it to properly wipe the email off.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.