I think you can try enabling auditing on user account and create a monitor or rule based on the related events. For details, please refer to:
- Enable auditing: Account Management
https://www.lepide.com/blog/audit-successful-logon-logoff-and-failed-logons-in-activedirectory/- Create an event monitor or rule:
How to Create a Simple Windows Event Unit Monitor
https://social.technet.microsoft.com/wiki/contents/articles/51547.scom-monitor-a-specific-windows-event.aspx
Windows Event ID 4624 – Successful logon
https://www.manageengine.com/products/active-directory-audit/kb/windows-security-log-event-id-4624.html#:~:text=Event%20ID%204624%20(viewed%20in,4625%20documents%20failed%20logon%20attempts.
Roger