Forum Discussion
Does the Applicant actively monitor all administrator access for unusual behavior patterns?
One item that comes up in cyber insurance questionnaires, or oddly, even inside a company where the Cyber team works as a separate gatekeeper and a part of product, is: "Does the Applicant actively monitor all administrator access for unusual behavior patterns?"
What exactly are "unusual behavior patterns"? It is subjective, and many may come up with different use cases and opinions. At what point does the number of alerts become overwhelming?
I have enabled "Entity Behavior" in Sentinel, and have taken a subset of the 99 queries that come as part of the Active Directory Data Connector and applied ones appropriate for our organization. Can anyone recommend other queries (or repositories) that I can turn into alerts to demonstrate 'best effort' in complying with this subjective requirement?
As a side note, I tried opening the link to the Sentinel blog from inside Sentinel but I don't have permissions.
https://techcommunity.microsoft.com/t5/azure-sentinel/bg-p/AzureSentinelBlog
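One concrete way to make "unusual" measurable is to compare a privileged account's activity against its own recent baseline rather than against a fixed rule. The KQL below is an added example for this thread, not code from the original post or from Microsoft's Sentinel content: it flags successful sign-ins by accounts that hold a privileged directory role from a country that account has not signed in from during the prior 30 days. It assumes the UEBA IdentityInfo table (populated once Entity Behavior is enabled) with its AssignedRoles column, the Azure AD SigninLogs table, and the role names listed in the query; adjust the role list and the lookback to your tenant.

```kusto
// Added example, not from the original post. Assumes IdentityInfo (UEBA) and SigninLogs.
let lookback = 30d;   // baseline window: what the account "normally" does
let recent   = 1d;    // detection window: what it did today
// 1. Accounts that currently hold a privileged directory role (role names are an assumption; tune to taste).
let privilegedUsers =
    IdentityInfo
    | where TimeGenerated > ago(lookback)
    | summarize arg_max(TimeGenerated, AssignedRoles) by AccountUPN
    | mv-expand Role = AssignedRoles to typeof(string)
    | where Role in ("Global Administrator", "Privileged Role Administrator",
                     "Security Administrator", "Exchange Administrator")
    | project AccountUPN = tolower(AccountUPN)
    | distinct AccountUPN;
// 2. Per-account baseline: countries with successful sign-ins before the recent window.
let baseline =
    SigninLogs
    | where TimeGenerated between (ago(lookback) .. ago(recent))
    | where ResultType == "0"
    | extend Country = tostring(LocationDetails.countryOrRegion), UPN = tolower(UserPrincipalName)
    | where isnotempty(Country)
    | join kind=inner privilegedUsers on $left.UPN == $right.AccountUPN
    | summarize KnownCountries = make_set(Country) by UPN;
// 3. Recent successful privileged sign-ins from a country outside that baseline,
//    collapsed to one row per account and country so a travelling admin produces one alert, not fifty.
SigninLogs
| where TimeGenerated > ago(recent)
| where ResultType == "0"
| extend Country = tostring(LocationDetails.countryOrRegion), UPN = tolower(UserPrincipalName)
| where isnotempty(Country)
| join kind=inner privilegedUsers on $left.UPN == $right.AccountUPN
| join kind=leftouter baseline on UPN
| where isnull(KnownCountries) or not(set_has_element(KnownCountries, Country))
| summarize FirstSeen = min(TimeGenerated), SignInCount = count(),
            SourceIPs = make_set(IPAddress), Apps = make_set(AppDisplayName)
            by UPN, Country
| project FirstSeen, UPN, Country, SignInCount, SourceIPs, Apps
```

Run it as a scheduled analytics rule over the 1d window. The same baseline-versus-recent shape answers the alert-volume question: because the rule only fires when an account deviates from its own history and emits one row per account and country, the volume scales with actual change rather than with total admin activity. The same pattern can be reused with a different dimension, for example first-seen source IP, first-seen application, or sign-ins outside the hours the account has previously used, each as its own rule so a noisy dimension can be tuned or disabled without losing the others.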