I've actually played with this some time ago (maybe 2 years ago).

If you use Systems Manager on the machines you can create a security compliance policy that requires antivirus to be installed and running.  This creates a dynamic tag, and you you can dynamically assign a group policy based on weather antivirus is working or not.  This compliance test is based on the result returned by the Windows Security centre.

https://documentation.meraki.com/SM/Tags_and_Policies/Security_Policies_in_Systems_Manager

If still have my test policy partially setup (screenshot below).  I also had it test to make sure a firewall was running on the machine.

All of this cane be done without any additional servers or anything.  The idea is great.

But there was a catch.  A big catch.  If a machine is non-compliant (say antivirus is not running) and then you fix that compliance issue it can take many many many hours before the Systems Manager agent on the machine reports in that the machine is now compliant.  The problem is - I can't leave now compliant machines not attached to the network - I can't leave them in a state where the person can't work - especially when I can't even say how long.  It could be 1 hour, it could be the next day.

I spoke to Cisco Meraki at the time, and said if they could communicate the compliance state each time the agent checks in, or whenever the Windows Security centre has a state change, I could sell a tonne of Systems Manager.  I have customers that would use this feature because it is so simple to setup.

But nothing happened at the time.  I've had no further feedback.  And I haven't been back to see if this has been resolved.