Nah, Defender is a PITA. There is theory and there is reality. Theoretically, you can load a vuln driver and load a rootkit or just disable Defender, but both of those things are highly detectable in mature environments. But a developer or jetbrains.exe setting up a nice dev drive is too noisy for a detection and too burdensome on your devs to block it outright.