I think this is because change in authentication. You are not using default authentication provider.
yes, thats what I think also, so just wondering if there is config to make it work or something I need to implement? If not I can just create a plugin that will allow CMS users to update as I can see the values "LockoutEnabled", "LockoutEndDateUtc" and "AccessFailedCount" in "AspNetUsers" getting set correctly.
I saw this post when I have got same problem with you and I write some tips for this here https://world.episerver.com/blogs/binh-nguyen/dates/2020/4/lock-and-unlock-account-using-aspnet-identity/ after investigating.
Hope this still help you
I've configured my site to use EPiServer AspNetIdentity as the authentication module. I've also configured user lockout settings in ApplicationBuilderExtensions as per https://world.episerver.com/documentation/developer-guides/CMS/security/episerver-aspnetidentity/
I've noticed in the CMS UI when editing a user that the "Account locked (too many failed logon attempts)" is greyed out. I assume this is a result of the change in authentication OR is there some extra config required to hook this up? i.e. If an account does get locked out I would like to use the existing UI to unlock.