Once you have found several valid usernames/e-mail address you can try some common passwords with each of the discovered users. (Keep in mind the password and lockout policy of the environment, by default in Active Directory the minimum password length is 7 and lockout is 5.)
Watch out for AzureAD Smart lockout. Use fireprox and/or the delay param.
Website login POST -> intruder -> clear $ -> Highlight user param -> set password -> Attacktype Sniper -> payload 1, user list -> run