Creating alert on Azure Sentinel for every alert whenever there is a valid AD authentication from someone outside the US

Question

The alert needs to fire a list who the user is and the country/country code of where the authentication came from. Anybody done this before?