I offer a Security Operation Center (SOC), which is like a person standing and going through the metal detector at the airport. We're like the staff standing there and watching people and then having them send stuff through the conveyor. It is real-time detection and response.
I don't use Microsoft Defender that much. If I come across a client who doesn't want to spend on a different endpoint solution, I just have them use Microsoft Defender that is built into their devices.