Microsoft Defender is all you need nowadays. It's top of the list in essentially any test. This is the one area where "the cloud" and having millions of clients in the field keeping Microsoft posted on any and all new developments is a boon. Bonuses are not increasing your attack surface and the lack of additional costs.
Thread devolving into another OS row in 3...
Kinda resurrecting this thread, but this topic is my forte.
Defender is solid. Running that along with keeping the OS patched and up to date (it should do this automatically by default) is usually "good enough". The only other thing I highly recommend is a good browser (Firefox, Chrome, etc.) with a good ad blocker like uBlock Origin. Not only does this make the browsing experience better, but ad networks have been known to distribute malicious content.
Aside from that, exercise extreme caution when downloading and executing programs or opening e-mail attachments (even MS Word docs, Excel files, etc.).
There's other more advanced stuff that can be done, but then you really start getting into the nitty-gritty stuff that is difficult to manage. App whitelisting, etc.
edit: The Windows account you use normally shouldn't be an Administrator account - just use a regular user account. Have a separate Admin account/password that you type in whenever you need to make major changes to the Windows settings/etc.