Group Membership Enforcement controls for policy and regulatory compliance, and prevents insider and external abuse.
It is a security best practice to eliminate unnecessary privileged accounts. Although you can apply Group Membership Enforcement to any group, it is mostly applied to the Administrators Group. Group Membership Enforcement ensures membership to the Administrators Group is enforced at all times.
Before enforcing groups and users, you must first run the Local User Inventory Policy to discover the resources that you can work with.