When the laptop or workstation is not connected to the network (offline), the Desktop Login credential provider cannot connect to Active Directory (AD) to check which type of token policy is required for the user, e.g. token only or token with AD Password. The default action is therefore to require token-only authentication, because only token data is stored by the Desktop Login for offline use.
Using a policy of "Token with Active Directory Password" will not work in offline mode.
If a policy of "Token" (Followed By "None") is used, the user would see the same prompt when online and offline, i.e. username, password, token response (the "Remember User's Password" option should be unchecked).
The AD Password is checked by Windows, not Defender. When online, the password is checked against AD and the token response is checked by the Defender Security Server. When offline, the AD Password is checked by Windows against its cached password, and the Desktop Login checks the token response against its offline data.