Microsoft does not have any way of knowing whether you have an antivirus or not and because the Spectre patch causes a bluescreen on boot if you have an antivirus that's not updated, they require the antivirus set the registry key to say "hey, it's safe to update". Absence of AV means that registry key doesn't get set.

MS doesn't provide an easy, GUI way of disabling built-in Defender by the way. If you 'disable' defender by using the control panel on windows 10, it only stops its activity temporarily and it can reactivate itself after 24 hours or something like that. You can permanently disable it through registry keys but it's not an officially supported, accepted method to edit the registry by yourself. There's a group policy for 10 Pro and other corp editions though.

For a normal home user, Defender is never fully disabled. It will deactivate itself if you install a third party antivirus, and reenable itself when you uninstall them. Bottom line, the average user is not supposed to be AV-less.

If you have no patched AV, who's going to set the registry key?

If your AV is not patched, the kernel patches should not be installed because you might get a repeating bluescreen.

So get a patched AV. If you haven't installed another AV, then Defender is there and counts.