If your SIEM is Microsoft Sentinel, then this blog article:
Monitor Conditional Access with Microsoft Sentinel
And Analytics rules could be key.
If your SIEM is not Sentinel, then your SIEM may have specific data packs or connectors to enable this functionality by collecting the conditional access changes from the Azure activity log, and alerting off that.