They want evidence of the antivirus updates for our macbooks being centrally managed by some tool (quote-unquote: WSUS). I get this is how some enterprises operate, but for our small shop we're talking a handful of macbooks that have access to even anything. And even so the people who operate those are contractually obligated to run a very tight ship (encrypted disks, auto updates (which includes XProtect, apple's native antivirus so to speak), 2FA on all services, etc), tunnelling on unprotected wifi, etc.
We sent evidence of all of this. But they really want centrally managed antivirus for our macbooks.
not sure why you think it is unnecessary, generally speaking
The choice is not hard, either install AV or get removed. You're not going to change their policy
We take security very seriously but this is not the way.