Enable audit logging for privileged group membership changes

LowCompleted

Configured Windows audit policy to log all changes to Domain Admins, Enterprise Admins, and Schema Admins groups. Logs forwarding to SIEM.

Expected Impact

No operational impact. Slight increase in event log volume (~2%).

active-directoryauditcompliancesiem

Status updates are disabled in demo mode.