There is no account lockout concept in a complete Managed Domain scenario, i.e., in case all your users are cloud users, AAD is the authority that handles your authentication. In this case, there is nothing called Account Lockout. If a cloud-only user makes bad password attempts, the Smart Lockout feature engages and forbids the user from making further attempts to log in. It governs the lockout period based on its algorithm.
When the account gets locked, it means the account is blocked from signing in. Once we toggle the 'Block sign in' option to 'Yes', it basically changes the value of the AccountEnabled attribute to False. You can check this via the Graph API (https://developer.microsoft.com/en-us/graph/graph-explorer).
- Log in to Graph Explorer with a Global Admin account by clicking on the "Sign in with Microsoft" button.
- Make a GET call > https://graph.microsoft.com/beta/users/USERNAME@YOUR_TENANT.onmicrosoft.com?$select=accountEnabled
- If you want to fetch this information about all users in your tenant, use > https://graph.microsoft.com/beta/users?$select=displayname,accountEnabled
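The same two Graph queries can be scripted for auditing which accounts have sign-in blocked. The following is an added example, not part of the original answer: it builds the URLs shown above, follows `@odata.nextLink` paging, and runs offline against constructed sample responses. The bearer token, the extra `userPrincipalName` field in `$select`, and the helper names are assumptions.

```python
import json
import urllib.request
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/beta"  # endpoint version used in the answer above

def user_url(upn):
    """URL for one user's accountEnabled flag (the UPN is percent-encoded)."""
    return f"{GRAPH}/users/{quote(upn)}?$select=accountEnabled"

# userPrincipalName is added to $select here (assumption) so results are unambiguous.
ALL_USERS_URL = f"{GRAPH}/users?$select=displayName,userPrincipalName,accountEnabled"

def graph_get(url, token):
    """Live fetcher: GET a Graph URL with a bearer token (token acquisition is assumed)."""
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def blocked_users(fetch, url=ALL_USERS_URL):
    """Walk every result page and return users whose accountEnabled is False."""
    blocked = []
    while url:
        page = fetch(url)
        for user in page.get("value", []):
            # Only an explicit false means "Block sign in" is set; a missing
            # or null value is not reported as blocked.
            if user.get("accountEnabled") is False:
                blocked.append(user.get("userPrincipalName") or user.get("displayName"))
        url = page.get("@odata.nextLink")  # absent on the last page
    return blocked

# Constructed sample responses (not real tenant data), split over two pages.
NEXT = GRAPH + "/users?$skiptoken=CONSTRUCTED"
SAMPLE_PAGES = {
    ALL_USERS_URL: {"value": [
        {"displayName": "Alice", "userPrincipalName": "alice@contoso.example", "accountEnabled": True},
        {"displayName": "Bob", "userPrincipalName": "bob@contoso.example", "accountEnabled": False}],
        "@odata.nextLink": NEXT},
    NEXT: {"value": [
        {"displayName": "Carol", "userPrincipalName": "carol@contoso.example", "accountEnabled": False},
        {"displayName": "Svc", "userPrincipalName": "svc@contoso.example"}]},
}

if __name__ == "__main__":
    print(blocked_users(SAMPLE_PAGES.__getitem__))
    # Live use (token is an assumption): blocked_users(lambda u: graph_get(u, token))
```

Smart Lockout does not change `accountEnabled`, so this listing reflects only accounts where sign-in was blocked explicitly.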