The LockOut feature is specific to HTML5 connection. 


But since HTML5 opens a local RDP session when the user is authenticated, the LockOut feature protects the RDP as well!


For Brute Force RDP protection, we advise installing and testing RDS-Knight, our state-of-the art security solution: https://www.tsplus.net/rds-knight.php