Exchange Control Panel (ECP) uses Outlook Web Access (OWA) logon UI to verify users. If you enable 2FA on OWA then ECP logon will be automatically secured by 2FA.
However, if you want to enable 2FA on ECP only without OWA, then please follow this guide.
If you have not already done so, please refer to links below on DualShield Server and IIS agent setup.
Install DualShield Authentication Server
Also:
Create an ECP Admins group in AD and make your ECP Administrator accounts members of this group
1) DualShield Server Configuration for ECP Access
2) DualShield IIS Configuration for ECP Access Only