At work we host a number of Debian VMs. Most of them are integrated into the central active directory server using the sssd package.
Quite unrelatedly my boss kept nagging me about incoming emails to root that looked like this
Subject: *** SECURITY information for <host> ***
<host> : Sep 29 05:45:42 : user : problem with defaults entries ; TTY=pts/0 ; PWD=/home/user ;
I found the relationship between sssd and the eMails only after some heavy googling: the sssd package modifies /etc/nsswitch.conf and adds the sssd as the source for sudoers.
Since we do not keep that info in active directory anyway the fix is easy - simply remove the sssd config for sudoers and enjoy a quiet life without security emails.