Hello,
I've purchased two Surface Laptop 7s and have enrolled them into Intune after upgrading to Windows Pro.
Nearly all of my policies have applied correctly, and I can see the devices listed in Intune.
However, they do not appear to have been onboarded to Defender for Endpoint. For every other device this process has been automatic, yet it seems as though these two devices are marked as "Not applicable" in my EDR config profile:

These are the settings in my EDR profile:

I've tried running the local onboarding script from the Microsoft Defender portal, but I get this error:

It appears as though there is no Microsoft Defender for Endpoint Service on these devices - I've seen that the service may also be called "Sense", but I can't find that listed in services.msc either. Both laptops also have the Windows Security app installed and active - similar to my other devices. Is this a known issue for ARM devices?
Not really sure how best to proceed from here - any advice is greatly appreciated.