What is Additional LSA Protection and how do you configure it on Windows?

Additional LSA Protection is a security feature introduced in Windows 8.1 that prevents unsigned code from being loaded into the Local Security Authority (LSA) process. To configure it, you set the registry key `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LSASS.exe` with a DWORD value `AuditLevel` set to `00000008`, then restart the system. This is detailed in the article Configure Additional LSA Protection to monitor Password Filter DLL.