Hi,
Yes, the Endpoint Protection point site system role must be installed before Endpoint Protection can be used.
Here is an article can be used as a reference, please refer to the "Steps to Configure Endpoint Protection in Configuration Manager" part in this article:
https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/endpoint-protection-configure#steps-to-configure-endpoint-protection-in-configuration-manager
For more details on distributing the definition updates from Configuration manager, please refer:
https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/endpoint-definition-updates
Hope the above information can help.
If the response is helpful, please click "Accept Answer"and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.