Hi,
Did you mean you want to know who changed the authenticated group permission for the GPO?
If i misunderstand you , please feel free to let me know.
For the group policy changes, we can enable the audit policy : Audit Policy Change
Changes include :
Changes to audit policy that are audited include:
Changing permissions and audit settings on the audit policy object (by using “auditpol /set /sd” command).
Changing the system audit policy.
Registering and unregistering security event sources.
Changing per-user audit settings.
Changing the value of CrashOnAuditFail.
Changing audit settings on an object (for example, modifying the system access control list (SACL) for a file or registry key).
More details you can refer to the following link:
https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/audit-audit-policy-change
Best Regards,