I have a query on cloud servers can be best managed by Intune / SCCM?

If you are referring to Defender AV alone, then you can manage the servers using Intune through cloud attach feature in Configuration Manager. This is also true for Defender for Endpoint features. If you don’t have Configuration Manager then this will not work for you. In that case you can use security management configuration cloud feature which will involve enabling the connector between Defender portal and Intune. This way the devices have a synthetic object created in Entra ID, onboarded in Defender, not enrolled in Intune, but managed by Intune for MDE policies using the MDE channel. All of the above that I have stated have their own licensing requirements so have a look before deciding on the approach. In my personal opinion, go for security management feature.