Hard to say, but windows defender doesn't stop as many as EDR's can. There are actual tests for this, ran by independent parties that check exactly this. Defender can be disabled extremely easily, modern EDRs cannot.
okay so i did and he defs claims windwos was secure out of the box. so again, i ask if he really said that ahaha, with a straight face.
SMB 1.0 is enabled, non admin users have powershell access, defender can be disabled with a single command, user is admin by default, passwords can be reset via booting to a bootable media device and then swapping its CLI to c:
there are so many basic insecurities out of the box in windows.
