I see that you can configure receipt of an email, but a feature to create a PSA ticket based on the results of scheduled queries, mapped to a customer would be most helpful and seem like a logical fit along with the position on how ITDR and Conditional Access work together. ITDR alerts after breach, ticketing on repeated failed attempts in Entra logs would be a helpful proactive option.