Ideally, you would track configuration changes through some sort of change management/approval procedure, but unauthorized/undocumented changes are a fact of life (in my experience, at least). In my environment, we periodically report on deviations from our expected configuration using Pester, which is a testing framework written in PowerShell (built into Windows 10 and has support for PowerShell Core so can be run on Linux as well). A sample test to suit your use case would look something like this:

Describe "Autosupport Settings" {
 (Get-NcAutoSupportConfig | Select-Object NodeName,IsPrivateDataRemovedSpecified).ForEach{
    It "Private Data Removed setting for $($_.NodeName) should be true" {
      $_.IsPrivateDataRemovedSpecified | Should -Be $true
    }
  }
} 

Saving the above as "AutoSupport.Tests.ps1" and running it with Invoke-Pester looks like this:

PS C:\Users\user\desktop> Invoke-Pester .\AutoSupport.Tests.ps1
Executing all tests in '.\AutoSupport.Tests.ps1'

Executing script .\AutoSupport.Tests.ps1

  Describing Autosupport Settings
    [+] Private Data Removed setting for lab-clst-01-8200-n1 should be true 3ms
    [+] Private Data Removed setting for lab-clst-01-8200-n2 should be true 2ms
Tests completed in 251ms
Tests Passed: 2, Failed: 0, Skipped: 0, Pending: 0, Inconclusive: 0 

It will run the test that we just set up, and throw an exception if the actual value differs from its expected value (for example, if someone modifies the "IsPrivateDataRemovedSpecified" parameter for a node.

From there, you could run that command as a Scheduled Task or something and have it write the output to a file or send you an email message with the results every day. 

For your second request, I would agree with @SpindleNinja and set up event notifications.