Edit.
I assume that by detection we understand the detection with cloud backend support, code emulation, Machine (Deep) Learning, behavior-based detections, AMSI-based detections, post-launch (post-infection detections), etc.
Yes. The detection range is consistent across versions of Microsoft Defender. Actually, you would think that the untweaked, limited feature home version would perform much worse. In reality it is only 5% to 10% less effective at the home user defaults and that is not always consistent.
I will state it this way. Governments know the capabilities of Microsoft Defender (and all other AVs) very well and they do not view them as much of a deterrent. Given that organized crime now has the same level of budgets as governments, what is true of the government is true of organized crime. One has to also consider that governments contract or have off-contract agreements with criminal organizations to further their geopolitical agendas. The benefits to the criminal enterprises is not limited to revenue. They also get access to government-only technologies.
When I have time I can make an image of the government testing workflows that I know of from first-hand experience.
I am not interested in praising or bashing Microsoft Defender (or any other AV). I am only interested in reality. My own personal testing with various lab setups and personally coded malware is that the "You are protected" marketing slogan cannot be trusted absolutely. Default-Allow protections will fail a person or organization when they are needed most. They all are just software with backends. Most users who focus on protecting localhost are very well served by Microsoft's built-in security. There is a lot of it to be had by the user. My greatest wish is that users would be inclined to learn about and use as much of it as they can.
The single greatest threats are users downloading and executing medium-aged to old malware and then clicking on links or navigating to high-risk websites. In most such cases, all the top brand AVs will protect the user sufficiently well. Some might let through PUA/PUPs while others will not. But overall, we could agree that the "You are protected" marketing slogan is mostly accurate for all the leading brand AVs for the average world citizen that is on latest patched Windows Home and they do the typical online content, media & file consumption - Microsoft Defender being among the leaders.
What I think is far, far more important than test results are the little gems of knowledge that you have discovered along your - what? - 8+ year journey with Defender and native Windows security? Your notebook is thick.
Edit: FYI Andy, the old ways are dying. Intimate knowledge of OS security internals is dying and dying fast. Organizations are moving to 100% cloud native all run by AI and maintained by a few hoomans. It is happening so fast that SANS Institute just dropped multiple certifications such as PowerShell security, Exploit mitigation, etc. It is all - and I mean the ENTIRE security stack - is being moved to the cloud and automated & run by AI. I am not sure people understand the significance of SANS Insitute dropping courses, but it is huge. There are unseen SEISMIC shifts happening in the digital workforce. Expect hundreds of thousands to be permanently laid-off or terminated from their current jobs within a few years. This is the reality of the AI security revolution. That NOC or SOC that once had 10 or more people at a larger enterprise now only has 3 or less - or more likely - has been off-loaded/subcontracted to a MSP or MSSP that manages security for 100 or more businesses.
