@Stephen - if you change the default to quarantine and don't have allow rules to override for devices, or for users, all devices would enter quarantine. So be careful to have all the existing devices mapped to rules before changing the default behaviour for unknown devices.
@Petri - Agreed on one hand, but on the other, we haven't recommended using account lockout policies for a long time. The approach we recommend is strong password/phrases, monitoring for password DoS or cracking attempts (which would pick up your scenario), and taking action on them, not locking accounts out after a small number of incorrect logon attempts.
Another approach is to stop using username/passwords altogether, and move to certificate-based authentication.