@John Nickle
Thank you for posting this in Microsoft Q&A.
The IP address that you have mentioned in your query is Microsoft IP address. This address gets tracked in sign-in logs when there is a any Azure services which are accessed.
About the user accounts getting locked out in On-premise active directory, you can stop this from happening in ADFS itself.
In AD FS on Windows Server 2012 R2 onwards, we introduced a security feature called Extranet Lockout. With this feature, AD FS will "stop" authenticating the "malicious" user account from outside for a period of time. This prevents your user accounts from being locked out in Active Directory. In addition to protecting your users from an AD account lockout, AD FS extranet lockout also protects against brute force password guessing attacks.
This feature only works for the extranet scenario where the authentication requests come through the Web Application Proxy and only applies to username and password authentication.
Advantages of Extranet lockout
Extranet lockout provides the following key advantages:
- It protects your user accounts from brute force attacks where an attacker tries to guess a user's password by continuously sending authentication requests. In this case, AD FS will lock out the malicious user account for extranet access
- It protects your user accounts from malicious account lockout where an attacker wants to lock out a user account by sending authentication requests with wrong passwords. In this case, although the user account will be locked out by AD FS for extranet access, the actual user account in AD isn't locked out and the user can still access corporate resources within the organization. This is known as a soft lockout.
You can configure this feature in ADFS by following below article,
https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-soft-lockout-protection#how-it-works
https://learn.microsoft.com/en-us/windows-server/identity/ad-fs/operations/configure-ad-fs-extranet-smart-lockout-protection
Let me know if you have any further questions on this.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.