There doesn't seem to be a way to run a scan on all devices. You can run a scan on devices that have reported unhealthy by going into the Endpoint manager and going to Endpoint Security > Antivirus > Unhealthy devices and starting a scan for all of them.
Maybe deploy a PowerShell script through the endpoint manager to run `Start-MpScan`. I don't think there is a PowerShell command to run AIR; it will only run if it finds something in the AV scan and you have a policy set up for it to run.
To run both, you could probably script something using the API, documented here:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exposed-apis-list?view=o36...
Use the List machines method, loop through to get each ID and run the methods to start AV scans and AIRs, which are listed here:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/respond-machine-alerts?vie...
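A sketch of the loop described in the reply above, added as an example and not part of the original post or Microsoft's own code. It assumes you already hold a bearer token for an app registration with the Machine.Read.All, Machine.Scan and Alert.ReadWrite.All permissions; the function names, the audit comment text, the `pause` value and the choice to skip non-active devices are all assumptions of this sketch.

```python
import json
import time
import urllib.request

API = "https://api.securitycenter.microsoft.com/api"

def http_json(method, url, token, body=None):
    """Send one bearer-authenticated request and return the decoded JSON reply."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Authorization": "Bearer " + token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def list_machines(token, call=http_json):
    """Yield machines from List machines, following @odata.nextLink paging."""
    url = API + "/machines"
    while url:
        page = call("GET", url, token)
        for machine in page.get("value", []):
            # Choice made for this sketch: skip devices that are not checking in,
            # since they cannot pick up an action until they reconnect.
            if machine.get("healthStatus") == "Active":
                yield machine
        url = page.get("@odata.nextLink")

def scan_and_investigate(token, scan_type="Quick", call=http_json, pause=2.5):
    """Start an AV scan and an automated investigation on every active machine."""
    comment = "Fleet-wide scan requested by script"  # constructed audit comment
    actions = (("scan", "runAntiVirusScan", {"Comment": comment, "ScanType": scan_type}),
               ("air", "startInvestigation", {"Comment": comment}))
    results = {}
    for machine in list_machines(token, call):
        outcome = {}
        for name, method, body in actions:
            try:
                reply = call("POST", f"{API}/machines/{machine['id']}/{method}", token, body)
                outcome[name] = reply.get("id")  # id of the created action/investigation
            except Exception as exc:  # one failed device must not stop the loop
                outcome[name] = "failed: " + str(exc)
            time.sleep(pause)  # assumed delay to stay under the API's rate limits
        results[machine["id"]] = outcome
    return results
```

The returned dictionary maps each machine ID to the IDs of the scan action and investigation it started, which you can keep as a record of what the script triggered and where it failed.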