Windows Defender Advanced Threat Protection - Collect/Surface Log Data
The ConfigMgr client should collect event log troubleshooting data for Win Defender ATP. The data should be surfaced in the dashboard and be available for creating dynamic collections queries (so you can act on it). A security tool that doesn't clearly show you where it is/isn't working is very problematic.
Matt Schultz [BCBSNE] commented
Expanding on this, ConfigMgr should collect all the Windows Defender events for components it can manage, regardless of whether the customer has ATP. Stepping up to ATP is a significant expense for many customers. Upselling to ATP should be for the benefit of the machine learning enhancements it brings, not manageability of the built-in Windows features.