I would instead suggest the opposite way around, use whitelisting instead. Whitelisting can be done in many ways: 1: You can either whitelist your customer's IP ranges. So if one customer has Telia in Sweden, you tell your firewall to allow 95.196.0.0/14. And so on for every customer/user.
2: You can geoIP. If you are only serving customers in specific regions, you can geoIP these as allowed in the firewall. 3: Or you can completely restrict authentication to only users inside the office, eg no outside access is allowed (and those that needs mail-from-home instead gets VPN access). All these methods will heavily cut down on all bruteforce.
smime.p7s
Description: S/MIME Cryptographic Signature