Account Changed
Windows 10
Windows 7
Enabled by default
Service: Microsoft Windows Security auditing
Log type: Security
Account changes, such as password and username changes may indicate a successful breach and a backdoor setup for a user. This log also can be used to track changes for legitimate users.
Compliance
HIPAA
Level: Recommended
PCI DSS
Level: Required
https://www.pcisecuritystandards.org/document_library?category=pcidss&document=pci_dss
Changes made to an account are logged by default in Windows 10 Professional. To view the logs, navigate to the Event Viewer Security tab and sort of filter by Event ID 4738.

To view this log in the command line with Get-WinEvent, open PowerShell as an administrator. From here, enter the command Get-WinEvent -FilterHashTable @{LogName='Security';ID='4738'}"

To view this log in the command line with wevtutil, open PowerShell or Command Prompt as an administrator. From here, enter the command wevtutil qe Security "/q:*[System [(EventID=4738)]]"

Additional References
https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/appendix-l--events-to-monitor
Get-WinEvent -FilterHashTable @{LogName='Security';ID='4738'}
auditpol /get /subcategory:"computer account management"
auditpol /set /subcategory:"computer account management" /Success:Disable /Failure:Disable
auditpol /set /subcategory:"computer account management" /Success:Enable /Failure:Enable