Hi Hram,
Thanks for your post. Generally speaking, Microsoft Defender Antivirus uses cloud-delivered protection (also called the Microsoft Advanced Protection Service, or MAPS) and periodically downloads dynamic security intelligence updates to provide more protection. These dynamic updates don't take the place of regular security intelligence updates via security intelligence update.
Cloud-delivered protection is always on and requires an active connection to the Internet to function. Security intelligence updates occur on a scheduled cadence (configurable via policy). For more information, see Use Microsoft cloud-provided protection in Microsoft Defender Antivirus.
For a list of recent security intelligence updates, see Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware.
Engine updates are included with security intelligence updates and are released on a monthly cadence.
Best Regards,
Ian Xue
If the Answer is helpful, please click "Accept Answer" and upvote it.