If you are in the market to sell EDR tools and you can’t find a way to provide value beyond what XProtect offers, you probably shouldn’t be in the market.
The difference between XProtect and Defender, is that XProtect utilizes the same kernel interface that Apple provides to other EDR solutions, whereas Microsoft was / is only willing to implement Defender using an in-kernel solution.
As a result, it would be anti-competitive for Microsoft to deny that level of access to third party EDR solutions.
I do wish that the EU would offer a "grace period" for "platform owners" or "gatekeepers" that would allow them to use non-public APIs for their first-party solutions while they stabilize and work out the public API offering. I think there should be some requirements for them to "earn" that grace period, such as allowing interested third-parties to get early access and provide feedback on those APIs. Regardless, it takes time to stabilize those APIs, and the current EU approach of requiring all new APIs to be fully public on day one just isn't workable.
