Hi @uday nair,
Thanks for your post! I'm sorry to hear that you are facing an issue with brute force attacks and worrying about the possibility of a Denial of Service attack. There are several options you could implement to mitigate this risk.
In Azure AD, Smart Lockout is a great way to safeguard against brute force attacks. If you enable Smart Lockout, accounts will be locked by default for one minute after 10 failed attempts to sign in. You can also configure the threshold to lock accounts after fewer attempts. After subsequent failed attempts, the lockout period increases.
For email threats specifically, Microsoft Defender for Office 365 offers protection against advanced attacks, including phishing, brute force attacks, and ransomware. It has been used to block billions of brute force attacks and phishing emails. It offers network throttling to protect Office 365 infrastructure and customers from Denial of Service attacks by limiting the number of messages that can be submitted by a specific set of infrastructure.
In addition, implementing MFA for your users and applying conditional access policies will make it harder for bad actors to break through, since users would be required to perform multiple forms of authentication.
See also: Microsoft Denial of Service Defense Strategy
If the information was useful to you, please Accept the answer. This will help us and improve discoverability for others in the community who may be researching similar questions.
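
Added example, not part of the answer above and not Microsoft's implementation: a simplified Python model of the threshold-and-escalation lockout behaviour described for Smart Lockout, replayed over a constructed stream of failed sign-ins to show how few guesses actually get tested. The 10-attempt threshold and one-minute first lockout come from the answer; the doubling schedule, the reset on success, the class and function names, and the account name are assumptions.

```python
from dataclasses import dataclass

THRESHOLD = 10       # failed sign-ins before lockout (default quoted in the answer)
BASE_LOCKOUT_S = 60  # first lockout lasts one minute (default quoted in the answer)
ESCALATION = 2       # ASSUMPTION: each later lockout doubles; the real schedule is not on the page


@dataclass
class AccountState:
    failures: int = 0          # failures counted since the last success or lockout
    lockouts: int = 0          # lockouts so far; drives the escalation
    locked_until: float = 0.0  # time (seconds) at which the current lockout ends


class LockoutPolicy:
    def __init__(self, threshold=THRESHOLD, base=BASE_LOCKOUT_S, factor=ESCALATION):
        self.threshold, self.base, self.factor = threshold, base, factor
        self.accounts = {}

    def attempt(self, user, ts, password_ok):
        """Return 'locked', 'ok' or 'failed' for one sign-in at time ts."""
        st = self.accounts.setdefault(user, AccountState())
        if ts < st.locked_until:
            return "locked"  # rejected before the password is evaluated
        if password_ok:
            st.failures = st.lockouts = 0  # ASSUMPTION: a success resets both counters
            return "ok"
        st.failures += 1
        if st.failures >= self.threshold:
            st.locked_until = ts + self.base * self.factor ** st.lockouts
            st.lockouts += 1
            st.failures = 0
        return "failed"


def replay(events, policy=None):
    """Feed (user, ts, password_ok) tuples through a policy; return each outcome."""
    policy = policy or LockoutPolicy()
    return [policy.attempt(user, ts, ok) for user, ts, ok in events]


# Constructed sample: one wrong guess per second for five minutes against one account.
CONSTRUCTED_EVENTS = [("alice@example.test", float(t), False) for t in range(300)]

if __name__ == "__main__":
    outcomes = replay(CONSTRUCTED_EVENTS)
    print("guesses that reached password verification:", outcomes.count("failed"))
    print("attempts rejected by lockout:", outcomes.count("locked"))
```

In this model a correct password submitted during the lockout window is also rejected, which is why the threshold and duration are tuning decisions rather than values to set as low as possible.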