Based on my knowledge on cloud systems, when you brute force any modern cloud systems, which are mostly configured to throttle these kind of frequent requests and at some point locks the accounts to prevent further requests.
On the other hand, even though you execute a dictionary attack, that means you will be brute forcing the target account based on known or hacked password lists. That approach is more effective than raw brute force attacks that normally shortens total attack attempts.
Even though this is not an ethical guidance but if I was in your shoes, I would check target e-mail in
https://haveibeenpwned.com site to see if any of its passwords leaked during hacked systems. This will give you either to select dictionary based attack or raw brute force attack.
Best of luck.