Hey Nick
Thanks for posting,
You should secure the AD FS account partner server with firewall IP restrictions to be able to limit the incoming traffic from your resource partner IPs also with any HTTPS server-side-certificate-only, Windows authenticated, open-to-the-internet service that You operate has this vulnerability