How to create Playbook and automation rules for M365 Defender for Identity, Endpoint, Cloud Apps, an

We are in the process of comparing the different SOAR solution in the market i.e Google Secops and Swimlane with respect to Logic Apps ( Sentinel) . The main findings that is comming up again and again is due to insufficient case management capabilities in Logic Apps it makes choosing microsoft stack for SOAR is a bad choice for a big COmpany like ours with more than 200,000 users and multi country presence. Can some one share their experience on this subject if they have lived through a similar scenario and what has been their exprience or finding ?