@Dean Gross Haven't really thought it all through but I can see granting access to certain Azure Lighthouse groups for customer access based on attributes (not sure if that would be easier than granting access to the group or not)

You could also setup table level access control and use attributes to determine who can access that (I think): Manage access to Azure Sentinel data by resource | Microsoft Docs