Open group policy editor
Create a new policy called whatever you wish, edit the policy
Navigate to Computer Configuration\Administrative Templates\Windows Components\Microsoft Defender Antivirus
Edit "Turn off defender antivirus" and set it to enabled
Then link the policy to whatever OU's you need to
Check your services after a reboot, look for Windows Defender,
They should be disabled.