Hello there,
Did you find any event ID related to this issue?
Microsoft Defender Antivirus records event IDs in the Windows event log.
Open Event Viewer.
In the console tree, expand Applications and Services Logs, then Microsoft, then Windows, then Windows Defender.
Double-click on Operational.
In the details pane, view the list of individual events to find your event.
Are you using a 3rd party AV solution and have EP enabled in client settings in ConfigMgr?
Configuration Manager Health Evaluation task (CcmEval) will check the status of the Defender service and if it isn't enabled and/or running, will try to enable and/or start it. Obviously this fails because a third-party antivirus solution is installed.
--If the reply is helpful, please Upvote and Accept it as an answer--