Yes, you can configure Access-list on the inside interface where the user is connected to:
Assuming that your user inside interface is 192.168.0.0/24, and the exchange network is 192.168.4.0/24, and assuming that your exchange server is 192.168.4.5:
access-list inside-acl permit tcp 192.168.0.0 255.255.255.0 host 192.168.4.5 eq 80
access-list inside-acl permit tcp 192.168.0.0 255.255.255.0 host 192.168.4.5 eq 443
access-list inside-acl deny ip 192.168.0.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list inside-acl permit ip 192.168.0.0 255.255.255.0 any
First 2 lines is to allow inside users towards the exchange server on port 80 (HTTP) and 443 (HTTPS)
Third line is to deny any other communication between the inside network to the exchange network
Fourth line is to allow comunication from inside towards the other interfaces (eg: outside/internet).
Hope this helps.