@Woody Chiu at RASI, Thanks for pasting in Q&A. Based as I know, for the setting such as Antivirus, Antispyware: will check the compliance that are registered with Windows Security Center. For "Microsoft Defender Antimalware", it turns on the Microsoft Defender anti-malware service.
https://learn.microsoft.com/en-us/mem/intune/protect/compliance-policy-create-windows
From your description, it seems Microsoft Defender built-in services will be disabled after third-party antivirus agent like Malwarebytes was installed, IF so, the compliance policy will consider the device as not compliant. To fix the issue, I think we can click on one non-compliant device, choose "device Compliance", then click on the affected policy to see the detailed non-compliance setting. Then change these settings to not configure. After the device check in, check if the status changed.
To check what subscription and license in your environment, you can go to Microsoft 365 admin center, ‘Services & Subscriptions’ section, you can find current Microsoft 365 services and the license type
https://toolingant.com/how-to-check-microsoft-365-license/
Note: Non-Microsoft link, just for your reference.
I notice you have other questions with "Microsoft 365 security" and Microsoft Defender 365 which we are not familiar. You can contact Microsoft 365 or Microsoft Defender support in the following link to get more help.
Microsoft 365 community
Microsoft Defender for Endpoint support
Thanks for your understanding.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.