You need to configure Active Directory Federation Servi…

HOTSPOT
You implement single sign-on (SSO) between Office 365 and an on-premises deployment of Active Directory.
You need to configure Active Directory Federation Services (AD FS) to prevent users from being able to log on
for 30 minutes after they attempt to log on by using a bad password 10 consecutive times. What command should you run? To answer, select the appropriate options in the answer area.
Hot Area:

Answer:

Explanation:
The following example enables the ExtranetLockout feature with a maximum of 10 bad password attempts and a 30-minute soft-lockout duration:
Set-AdfsProperties -EnableExtranetLockout $true -ExtranetLockoutThreshold 10 -ExtranetObservationWindow (New-TimeSpan -Minutes 30)
https://blogs.msdn.microsoft.com/luzhao1/2015/06/24/demystify-extranet-lockout-feature-in-ad-fs-3-0/
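
The script below is an added example, not part of the original explanation or the linked blog post. It applies the same settings, reads them back, and compares them with the domain lockout policy, because the soft lockout only spares the AD account when AD FS stops counting before AD does. It assumes an elevated session on the primary AD FS server, the ActiveDirectory module installed, and that the default domain policy (not a fine-grained password policy) governs lockout.

```powershell
#Requires -Modules ADFS, ActiveDirectory
# Added example. Values 10 and 30 minutes come from the question above.
$threshold = 10
$window    = New-TimeSpan -Minutes 30

Set-AdfsProperties -EnableExtranetLockout $true `
    -ExtranetLockoutThreshold $threshold `
    -ExtranetObservationWindow $window

# Read the settings back instead of trusting that the Set call took effect.
$adfs = Get-AdfsProperties
$ad   = Get-ADDefaultDomainPasswordPolicy

$findings = @()
if (-not $adfs.ExtranetLockoutEnabled) {
    $findings += 'Extranet lockout is not enabled.'
}
if ($adfs.ExtranetLockoutThreshold -ne $threshold) {
    $findings += "Threshold is $($adfs.ExtranetLockoutThreshold), expected $threshold."
}
if ($adfs.ExtranetObservationWindow -ne $window) {
    $findings += "Observation window is $($adfs.ExtranetObservationWindow), expected $window."
}

# An AD LockoutThreshold of 0 means AD never locks accounts, so there is
# no hard lockout for the soft lockout to stay ahead of.
if ($ad.LockoutThreshold -gt 0) {
    if ($adfs.ExtranetLockoutThreshold -ge $ad.LockoutThreshold) {
        $findings += "AD FS threshold ($($adfs.ExtranetLockoutThreshold)) is not below the AD " +
                     "lockout threshold ($($ad.LockoutThreshold)); AD would lock the account first."
    }
    if ($adfs.ExtranetObservationWindow -le $ad.LockoutObservationWindow) {
        $findings += "AD FS observation window ($($adfs.ExtranetObservationWindow)) is not longer " +
                     "than the AD reset-counter window ($($ad.LockoutObservationWindow))."
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'Extranet lockout is configured as intended.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```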



piet puk

There are several advantages of enabling the Extranet Lockout feature in AD FS. First of all, it protects your user accounts from brute force attacks where an attacker tries to guess a user’s password by continuously sending authentication requests. In this case, AD FS will lock out the malicious user account for extranet access. Second of all, it protects your user accounts from malicious account lockout where an attacker wants to lock out a user account by sending authentication requests with wrong passwords. In this case, although the user account will be locked out by AD FS for extranet access, the actual user account in AD is not locked out and the user can still access corporate resources within the organization. We call it soft-lockout as compared to actual AD account lockout.