I've been slow to adopt Defender, being a subscriber of Wordfence Pro -- but in 2018 I've been using both. There's a couple features of Wordfence (one included in the free version) that I still find superior to Defender -- BUT Defender has the Audit Log which I find very useful.
While there's still some work to do to catch Wordfence in the area of scanning documents and geo blocking, I think the most SIGNIFICANT addition to Defender currently would be to really build up the Audit Log. Here's a couple things that could be done easily: 1) when a plugin has been activated or deactivated, signify if that was local vs network wide in the log, 2) add the ability to add a note to log entries, and 3) in the long run, make those notes threadable and searchable, with author and time stamps of when the individual notes were made.
Strategically, aim for folks like me that aren't willing to give up Wordfence yet -- aim to get them to adopt Defender as an additional tool to Wordfence (if not a replacement). For instance, I disable the scanning on Defender but use the other features, namely the automated security suggestions and the audit log (both of which don't exist in Wordfence). Building up the features that make Defender different from Wordfence makes the most strategic sense IMO. Yes, I still want geo blocking and improvements to scanning added, but we're going to get more people coming over to Defender in the long run if we go all out on what makes Defender different.