I only use the Surface once in a while and usually with a metered (data plan) connection. The updates (both Windows Updates & Defender updates) don't complete. Then, when I try to shut down, I get a "Task Host is preventing background apps from running" error message & have to use the shut down anyway button. I googled the error, found some troubleshooting solutions & got the updates to download & install while on wifi at home.
So, one thing I have learned in the process is to ignore the message that Defender needs updated when I am on the data plan connection. Would it be better to turn off automatic updates? How will I know when it needs an update? The problem I had with connectivity was because I missed a critical update. I don't have any problem with automatic updates on my W10 desktop.
I think systems that deliver updates should check connection speed at the time, and not try if speed is below some threshold. That's my 2 cents.
One thing I learned is to ignore the prompts that Defender is out of date or that updates are available when I am on 4G/LTE. I probably initiated the download.