By default I always use “reagentc /disable” so users with local administrative rights don’t do a reset of their whole computer. With Windows 10 1703 now out and Defender’s Offline scan a bit more obvious in the Security Center, I noticed it wasn’t working at all.
I hadn’t realized that everything is all tied together with Windows RE. My current option seems to be to just have a PowerShell script that quickly runs “reagentc /enable; Start-MpWDOScan” and to manually run “reagentc /disable” after it starts back up.
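
The workaround described above, as an added example that is not the author's own script: it goes one step further and replaces the manual "reagentc /disable" with a one-shot startup task, so Windows RE is locked down again without anyone having to remember. The task name is a hypothetical placeholder, and the script assumes reagentc returns a non-zero exit code on failure.

```powershell
#Requires -RunAsAdministrator
# Added example. $taskName is a hypothetical name; pick one that fits your naming scheme.
$taskName = 'Redisable-WinRE-AfterOfflineScan'

# 1. Re-enable Windows RE, which the Defender Offline scan boots into.
& reagentc.exe /enable | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "reagentc /enable failed with exit code $LASTEXITCODE"
}

# 2. Register a startup task that runs as SYSTEM the next time Windows itself
#    boots (after the offline scan), disables Windows RE again, and then
#    deletes itself so it only ever runs once.
$cmd       = "reagentc.exe /disable & schtasks.exe /Delete /TN $taskName /F"
$action    = New-ScheduledTaskAction -Execute 'cmd.exe' -Argument "/c $cmd"
$trigger   = New-ScheduledTaskTrigger -AtStartup
$principal = New-ScheduledTaskPrincipal -UserId 'SYSTEM' `
                 -LogonType ServiceAccount -RunLevel Highest
Register-ScheduledTask -TaskName $taskName -Action $action `
    -Trigger $trigger -Principal $principal -Force | Out-Null

# 3. Queue the offline scan; this restarts the machine into Windows RE.
#    If the scan cannot be started, roll back so Windows RE is not left enabled.
try {
    Start-MpWDOScan -ErrorAction Stop
}
catch {
    Unregister-ScheduledTask -TaskName $taskName -Confirm:$false
    & reagentc.exe /disable | Out-Null
    throw
}
```

After the machine is back in Windows, `reagentc /info` shows whether Windows RE ended up disabled again.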