PatrikStar73
Jan 24, 2024
Solved

Enroll

My devices are AD connected to my OnPrem AD. We have MS 365 Business. I have onboarded them to Endpoints / Defender with GPO. All my devices can be seen in Assets --> Devices in security.microsoft....
  • Joe Stocker
    Feb 11, 2024
    Hi Patrik,

    Since you stated that you do not want to use Intune, you can use GPO to manage some of the settings that you specified such as Defender AV, ASR, and Firewall. However, since you have M365 Business then you should consider using Intune since that is included in Premium. I assume you have Premium because you mentioned that you want to manage EDR, which is a Premium feature.
    Using Intune to manage Windows AV, Firewall, ASR, EDR, and Device Control is significantly easier in Intune. Also, GPO is only effective if your users have direct line of sight to the domain controller, whereas Intune can manage your machines even when they are not on the network (disconnected from VPN at home).
    However, if you have other reasons for avoiding Intune, here is the GPO Documentation for the features you requested:
    ASR: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#group-policy
    Windows Firewall: https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/configure
    Defender AV: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/use-group-policy-microsoft-defender-antivirus?view=o365-worldwide

    Note: You may be able to manage some of the AV settings within the Defender Console as announced here:
    https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/security-settings-management-in-microsoft-defender-for-endpoint/ba-p/3356970
    Note: You posted this question in the wrong forum. I suggest that you post your question in Defender for Endpoint here:
    https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/bd-p/MicrosoftDefenderATP
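
An added example, not part of the reply above: a PowerShell check to run elevated on one domain-joined endpoint after `gpupdate`, to confirm that GPO-delivered Defender AV, ASR and Firewall settings are actually in effect. The function name `Get-DefenderGpoState` is hypothetical; it assumes the built-in Defender and NetSecurity modules are present.

```powershell
# Added example: report effective Defender AV, ASR and Firewall state on this endpoint.
# Get-DefenderGpoState is a hypothetical helper name, not a Microsoft cmdlet.
function Get-DefenderGpoState {
    # ASR action codes as reported by Get-MpPreference.
    $actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus

    # Rule IDs and actions are parallel arrays; both are empty when no rule is set.
    $ids     = @($pref.AttackSurfaceReductionRules_Ids | Where-Object { $_ })
    $actions = @($pref.AttackSurfaceReductionRules_Actions)
    $asr = for ($i = 0; $i -lt $ids.Count; $i++) {
        $code = [int]$actions[$i]
        [pscustomobject]@{
            RuleId = $ids[$i]
            Action = if ($actionNames.ContainsKey($code)) { $actionNames[$code] }
                     else { "Unknown ($code)" }
        }
    }

    # Policy key written when ASR rules arrive through Group Policy.
    $asrPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\' +
                    'Windows Defender Exploit Guard\ASR\Rules'

    [pscustomobject]@{
        Antivirus = [pscustomobject]@{
            ServiceEnabled     = $status.AMServiceEnabled
            AntivirusEnabled   = $status.AntivirusEnabled
            RealTimeProtection = $status.RealTimeProtectionEnabled
            SignaturesUpdated  = $status.AntivirusSignatureLastUpdated
        }
        AsrFromGroupPolicy = Test-Path -Path $asrPolicyKey
        AsrRules           = @($asr)
        # ActiveStore is the merged result of local and GPO firewall policy.
        Firewall = Get-NetFirewallProfile -PolicyStore ActiveStore |
                   Select-Object Name, Enabled, DefaultInboundAction
    }
}

$state = Get-DefenderGpoState
$state.Antivirus | Format-List
"ASR rules delivered by Group Policy: $($state.AsrFromGroupPolicy)"
$state.AsrRules  | Format-Table -AutoSize
$state.Firewall  | Format-Table -AutoSize
```

An empty ASR table together with `AsrFromGroupPolicy` reporting `False` means the ASR GPO has not reached the machine, which matches the reply's point that GPO only applies when the device can reach a domain controller.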
