Microsoft
MicrosoftGinaKomoroske you may want to check if automatic updates have been enabled on those machines, that there's no group policy in place that influences the update cadence and that the machine is actively installing other updates.
I can confirm that the expectation is that if set up correctly, updates for Defender should arrive just like they would on 2016+.:
If update-mpsignature does work for you, this tells me that Microsoft Update indeed works as an update source so the next thing to verify would be if automatic updates are enabled using Microsoft Update, and how the machine is configured to update if you are using eg WSUS (it may not be configured to use Microsoft Update or automatic updates may be disabled). A consideration here is that there may be a group policy with update settings applied to 2016+ in your environment that is not currently applied to your 2012 R2 machines or that different settings apply.
Manage how and where Microsoft Defender Antivirus receives updates | Microsoft Docs for reference.