2nd question: To link only to Defender, you can do it with onboarding packages. Use the local package, and you could use Group Policy Preferences - Task Scheduler to distribute it. To link/join to Intune, AD Connect and Hybrid AAD join are required.
4th question: Look at the Security Baseline for Edge; it has SmartScreen and other settings, probably for that.