MDI will alert on changes to sensitive groups. You should get alerts on changes to Domain Admins, it should be flagged sensitive by default. I don't think MDI can help specifically on what or who is reverting the change if that is not clear in the audit events. MDI can make you aware of other unusual activity or signs or persistence (if the concern is malicious activity).
I am not clear on what RBAC is needed to modify the DA group. Possibly a GPO. Consider looking at other events and audit options. Recreate the activity manually to help identify an indicator. Consider the timing as a possible clue. https://video2.skills-academy.com/en-us/defender-for-identity/alerts-overview