Where can we get Defender AV definition version and its creation date for machines in MDATP?

Dean_Chen If you are using SCCM/MECM for the Windows Clients, you can see the definitions there if the "Endpoint Protrection" Module is enabled and you manage the "Defender Part" of MDATP via SCCM.

I'm not sure, but I think there is a similar view in Intune (but again, not quite sure).

Another way to report this for all machines is an Advanced Hunting query:

https://github.com/microsoft/Microsoft-threat-protection-Hunting-Queries/blob/master/General%20queries/WD%20AV%20Signature%20and%20Platform%20Version.txt

Best regrads

Stefan