@eg1995 Apologies for the delay in reviewing this post. As I understand it, you are looking for the difference between EDR and AIR in Defender for Endpoint.
EDR in block mode will allow EDR detections to be blocked. EDR detections are detections that are based on AI and run in the Microsoft Cloud. For example, EDR might notice that a process is doing phishy stuff and after analysis of the data in the cloud, it can be blocked.
AIR is an investigation that will launch after an alert is generated. This investigation will check the evidence from the alert and (according to your automation level) remediate certain threats.
Reference:
Let me know if you have any further questions; feel free to post back.