As you know, you can manage Windows Defender settings by creating device configuration profiles using Intune/Endpoint Configuration Manager, including devices managed by SCCM (aka on-premises server) – see https://t.co/VG0DaErni1.
Well, you can now monitor the health of all the devices protected by Windows Defender directly from the Intune/Endpoint Configuration Manager portal, including the ones managed by SCCM.
To start using these reports, which cover policies applied to devices, health status or detected malware, connect to your Endpoint Configuration Manager portal (https://endpoint.microsoft.com/) and access the Endpoint security\Antivirus blade
There you will get overview reports about your Windows Defender endpoints
As for most of the available reports, you can edit the information displayed by selecting/unselecting column and download the data.
Reports are refreshed every 20 minutes or so.
In addition of these overview reports, you can get a more detailed organizational reports by accessing the Reports\Microsoft Defender Antivirus blade
You will have to request to generate the report by hitting the Generate report button which will take few minutes to complete.