To secure Exchange mails with MFA, you must install the DualShield IIS agent on every Exchange Mailbox Server or Exchange Client Access Server (CAS).