Why and how to use offline updates

It is wise to maintain a Universal Naming Convention (UNC) share for offline updates, because some machines may have problems updating in the regular way.

If the Windows Update agent is corrupted or broken, then most likely neither Microsoft Update nor Configuration Manager can be used to update definitions. This is where both Microsoft Malware Protection Center and UNC shares come in. Neither of those channels depends on the Windows Update agent.

To be clear, though, the Microsoft Malware Protection Center is not an offline update source.

How to do it…

You need to have the UNC update source enabled in the policy, as shown in the following figure:

Definition Update Sources within the Antimalware policy

Then click the Set Paths button and define the server UNC shares from which clients can fetch the updates.

Definition Update UNC Paths

The updates can be downloaded from this address and are updated regularly:

https://www.microsoft.com/security/portal/definitions/adl.aspx

The preceding picture shows the downloaded Endpoint Protection update files.

The preceding picture shows the available offline updates that can be downloaded.

There are also PowerShell scripts that can download and execute the files for you.

One example I've seen is this, located in the TechNet Gallery:

https://gallery.technet.microsoft.com/scriptcenter/SCEP-Definition-Updates-to-fde57ebf

It provides the option to automate the download and update process so that the files are kept up-to-date.
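
Clients execute whatever update packages they find on the UNC share, so it is worth checking each downloaded file before publishing it. The following is an added example, not code from this book or from the TechNet Gallery script: it publishes only packages with a valid Microsoft Authenticode signature. The staging folder and share path are placeholders (assumptions), to be replaced with the paths defined under Set Paths.

```powershell
# Added example: verify downloaded definition packages before publishing them.
# Both default paths are placeholders (assumptions), not values from the book.
param(
    [string]$Staging = 'C:\DefStaging',        # folder the downloads were saved to
    [string]$Share   = '\\SERVER\EPDefs'       # hypothetical UNC path from the policy
)

function Test-DefinitionPackage {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -FilePath $Path
    # 'Valid' means the signature verifies and chains to a root this machine trusts.
    if ($sig.Status -ne 'Valid') { return $false }
    # Additionally require Microsoft as the signing organization.
    return ($sig.SignerCertificate.Subject -match 'O=Microsoft Corporation')
}

$published = @()
foreach ($file in Get-ChildItem -Path $Staging -Filter *.exe -File) {
    if (-not (Test-DefinitionPackage -Path $file.FullName)) {
        Write-Warning "Rejected $($file.Name): signature missing, invalid or not Microsoft"
        continue
    }

    $target = Join-Path -Path $Share -ChildPath $file.Name
    Copy-Item -LiteralPath $file.FullName -Destination $target -Force

    # Confirm the copy on the share is byte-identical to the verified file.
    $srcHash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
    $dstHash = (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash
    if ($srcHash -ne $dstHash) {
        Remove-Item -LiteralPath $target -Force
        Write-Warning "Removed $($file.Name) from share: hash mismatch after copy"
        continue
    }
    $published += [pscustomobject]@{ File = $file.Name; SHA256 = $dstHash }
}

# Summary of what was actually published, suitable for a log or scheduled-task output.
$published | Format-Table -AutoSize
```

Run it from an account with write access to the share, and give client computer accounts read-only access so the published files cannot be replaced from an endpoint.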
