Endpoint Security Policies do not contain all the settings that GPO or the intune settings catalog provides for MDAV and others. Are we allowed(is it supported) to use GPO in combination with the new endpoint security policies, in case we need those settings that are not provided in the endpoint security policies? Managing what can be managed with the endpoint security policies, and manage what is not with GPO etc.

For example, disabling randomized times for scheduled MDAV tasks on Windows, is one of those settings that can be crucial, both on Windows clients and on servers, where you might want to avoid scans clashing with various batches and so on.

Of course, with the assumption that any one setting will only be configured either in the endpoint security policies  OR  GPO.