@Cymon_Skinner 

I assume you're talking about the Microsoft Defender ATP security baseline that you can deploy from Intune. As I understand it, this is just Microsoft's recommended settings for use with Microsoft Defender for Endpoint. None of these settings actually require a device to be onboarded to Microsoft Defender for Endpoint.

All of the actual Microsoft Defender for Endpoint policies are configured within the Microsoft Defender Security Center portal: http://securitycenter.microsoft.com/