Any automated way to flag suspicious sign-ins beyond Identity Protection?

A key difference between interactive and non-interactive sign-ins and how to monitor them?

 How does Azure AD calculate a “High” risk rating for users?

Best actions for handling high-risk users apart from MFA/password resets?

Also, I often see log entries like:

Update system, refresh token validation, DeleteDataFromBackend, DeleteDataFromCosmosDb, Group life cycle policy_get, synchronization rule action, Disable Strong Authentication, update StsRefreshTokenValidFrom Timestamp, Post user authentication method security info registration callback.