Managing Windows Defender in small business domain (is a nightmare)

I've spent a few months rolling out Group Policy for Windows Defender on a small business domain (about 25 workstations), and gathering the results with Event Viewer. (We are not running SCCM) I have it set to run a quick scan everyday, and a full scan once weekly. The group policy is enforced, and the GPResult output shows it's being processed on the workstations. They randomly scan, without rhyme or reason, very infrequently and never when I specified, like once a week for either scan if lucky. The scan's ALWAYS quit early. Full scans quit EXACTLY one hour after start, and the quick scans quit after 9 or 10 minutes.

In an attempt to wrangle in these machines, I'm trying to create a scheduled task to run the quick and full scans explicitly. When the task is created (user is SYSTEM), it will NEVER run. It quits the job instantly with return code 2147942402. I've seen people solve this issue on home machines by running the task as the users account, and saving the credentials. This is obviously a workaround that will not scale to corporate setting.

At this point I've exhausted searching the web, and I'm curious with these awful results, how anyone uses Defender in a business. It doesn't respond to GPO and it won't run as non-user account. Does anyone have any insight as to how to deploy Defender in a small business domain?

There is no way we're buying into the cloud management services from MS just to get this inept AV scanner to run, I'd rather go third party if this is a losing scenario. Please speak up if you've successfully used Defender in a business environment, I can't find anyone on the web with similar issues. Is everyone using third party AV?

GPO Settings:
Windows Defender Antivirus:
    Turn Off Windows Defender Antivirus             Disabled
    Randomize scheduled task times                  Disabled
MAPS:
    Join Microsoft MAPS                             Disabled
    Configure local setting override for reporting to Microsoft Disabled
Real-time Protection:
    Turn off real-time protection                   Disabled
    Turn on behavior monitoring                     Enabled
    Scan all downloaded files and attachments       Enabled
Scan:
    Check for the latest virus and spyware defs before run… Enabled
    Scan removable drives                                   Disabled
    Run full scan on mapped network drives                  Disabled
    Scan network files                                      Disabled
    Specify the interval to run quick scans per day         Enabled (24)
    Specify the scan type to use for a scheduled scan       Enabled (Full system scan)
    Specify the day of the week to run a scheduled scan*    Enabled (Wed)
    *This value did not show once saved, had to update ADMXtemplates to 1809  
    Specify the time for a daily quick scan                 Enabled (360)(6AM)
    Specify the time of day to run a scheduled scan         Enabled (1320)(10PM)
    Configure local setting override for the scan type to use for…  Disabled
    Configure local setting override for schedule scan day          Disabled
    Configure local setting override for scheduled quick scan ti…   Disabled
    Configure local setting override for scheduled scan time        Disabled