First, confirm that mailbox intelligence is supported and enabled in your hybrid Exchange Server setup via the Microsoft 365 Defender portal, then use this portal to create/manage anti-phishing policies with mailbox intelligence enabled.
To enable mailbox intelligence for all users as part of implementing a Microsoft Defender for Office 365 anti-phishing policy in a hybrid Microsoft Exchange Server organization, you should first ensure that mailbox intelligence is supported and enabled in your environment. Mailbox intelligence relies on machine learning to understand individual user's email patterns, enhancing the anti-phishing policy's effectiveness by detecting anomalies in those patterns. To do this, the Microsoft 365 Defender portal is typically used, where you can create and manage anti-phishing policies under the Threat Management Policy section.