thanks to implementing Cloud App Security I found out that there is a large number of AD objects which have "PasswordNotRequired" for user its manually set. But for computers it seems to be done when its manually created in AD. I searched but cant find anything which would set this (like GPO etc). So I would like to know how prevent this behavior to be default.
(FYI Domain level is 2016)