Purpose: This change will enable additional lockout for external attacks that hit ADFS for authentication, providing for more protection on user accounts without affecting their AD account (not locking that out). We need 3-7 days of observation before enabling. Since many are on leave and minimal staffing over the weekend, we move to enable this early on Monday so we have full staff on hand.
Impact: This will lockout a user account from the ADFS perspective for 5 bad passwords in 5 minutes. Only when a user meets that threshold will they be locked out.
Affected: This is in scope for all users.