Intune incorrectly reporting devices non-compliant with a failure on the real-time protection policy, but the policy is set to allowed

I have a handful of Windows 11 machines all running Windows Defender that are showing policy non-compliance with a failure on real-time protection.

The Endpoint security policy is set as:

Allow Realtime Monitoring: Allowed. Turns on and runs the real-time monitoring service. (Default)

When I check Windows Security on the device itself, all services are green and in good health.

These machines have been reporting non-compliant ever since they were enrolled in Intune (Azure domain join).

How do I get these machines to report correctly and drop off of the non-compliant list?