In the MDM Diagnostic Report I can't find anything related to "onboard" or "onboarding".
At the event log under Applications and Services Logs\Microsoft\Windows\DeviceManagement-EnterpriseDiagnostics-Provider I didn't find anything related to "onboarding" or "WindowsAdvancedThreatProtection".
Also I logged on with a local admin account on this device and now I see the status on the Device configuration profile for the Defender Onboarding change to succeeded:
Also the ATP-sensor seems to be working now!
But https://securitycenter.windows.com still shows:
Additional question: It shouldn't be required to logon with a local account to have the security on these Win10 devices activated in the right way, right?? I can't let this ship to our end-users this way.