Add policy to prevent brute force attacks in the API Management Consumption Tier
Currently in Consumption Tier, there is no way to prevent abuse of unauthenticated endpoints. This allows attackers to be able to keep hitting these endpoints with random inputs until they succeed.
Examples of such endpoints could be account activation, registration, password reset where an attacker can keep calling these endpoints with random values, since there is no throttling or check of any kind per API method to limit calls from the same IP in a given time frame.
