One Full Scan

Improve Microsoft Defender Antivirus performance by performing one full scan

Microsoft typically recommends against scheduled full scans, but there are a few scenarios where a one-time full scan outside the regular scan schedule is still worthwhile: whenever Defender was not the active antivirus (such as after switching from a third-party antivirus), as part of the base image creation process, or once a new machine has finished installing all of its apps and policies.

https://learn.microsoft.com/en-us/defender-endpoint/mdav-scan-best-practices

https://learn.microsoft.com/en-us/defender-endpoint/schedule-antivirus-scans

https://learn.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-a-trusted-image-identifier-for-windows-defender?view=windows-11

Performing a full scan populates a cache with information about every file scanned and the verdict for each. Defender then maintains this cache in the background, which keeps performance optimal by removing the need to re-scan files that were recently scanned or verified clean.

This solution is a collection of scripts and KQL queries that ensure devices always perform at least one full scan to populate this cache :)
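As an added illustration of the check these scripts perform (example code written for this page, not one of the project's own scripts), the following PowerShell uses the built-in Defender cmdlets `Get-MpComputerStatus` and `Start-MpScan` to decide whether a device has ever completed a full scan and, if not, to start one. It assumes an elevated session on a Windows device where Defender is the active antivirus; the function names are the example's own.

```powershell
# Added example, not part of this project's scripts.
# Assumes the built-in Defender PowerShell module (Get-MpComputerStatus, Start-MpScan)
# and an elevated session.

function Test-DefenderFullScanNeeded {
    $status = Get-MpComputerStatus

    # A full scan only populates the cache when Defender is the active engine
    # (AMRunningMode 'Normal'), not when a third-party AV has put it in passive mode.
    if (-not $status.AntivirusEnabled -or $status.AMRunningMode -ne 'Normal') {
        Write-Warning "Defender is not the active antivirus (mode: $($status.AMRunningMode)); skipping."
        return $false
    }

    # FullScanEndTime is empty when no full scan has ever completed on this device.
    if (-not $status.FullScanEndTime) {
        return $true
    }
    return $false
}

function Invoke-DefenderOneFullScan {
    param(
        [switch]$WhatIf   # report the decision without starting a scan
    )

    if (Test-DefenderFullScanNeeded) {
        if ($WhatIf) {
            Write-Host "No completed full scan recorded; a full scan would be started."
            return
        }
        # -AsJob returns immediately; the scan itself runs inside the Defender service.
        Start-MpScan -ScanType FullScan -AsJob | Out-Null
        Write-Host "Full scan started."
    }
    else {
        $status = Get-MpComputerStatus
        Write-Host "Last full scan completed $($status.FullScanEndTime) ($($status.FullScanAge) days ago); nothing to do."
    }
}

# Dry run first; drop -WhatIf to actually start the scan.
Invoke-DefenderOneFullScan -WhatIf
```

Running this once per device (for example from a base image task sequence or a post-provisioning script) gives the same guarantee the page describes: at least one full scan has completed and the verdict cache is populated, after which the regular quick-scan schedule is sufficient.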