Description:
How to avoid a Brute Force Attack to lock all user accounts from my User Store?
Solution:
To stop a Brute Force Attack from the internet against your User Store, you have first to filter requests by IP's on:
And you can avoid getting massive locked accounts by setting the Password Policy to re-enable the User's account after a period of time by the "Expiration" Tab of the Password Policy.