I have found two apps this one and this one, but the first one only pulls security alerts and for the other one you need to deploy the app to the servers. Thing is, we also need the clients info and they don't have forwarders installed.
Is there an app that pulls all windows defender logs from Azure?
Woops, I forgot to link the apps: https://splunkbase.splunk.com/app/4128/ (only security alerts) and https://splunkbase.splunk.com/app/3734/#/details (not on workstation clients).