@XPaulo   2016 and 2019 servers don't require the agent installation.  This link should help you out with a clear overview on the servers side of capabilities :

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/protecting-windows-server-wit...

I hope it helps.

@David De Vos Thanks for your reply. Yes I saw the article but it is quite old and it does not mention anything about isolation. If I scroll down to the EDR functionality, which I would believe device isolation would be part of, then it does say that 2016 requires an agent. But then it's not clear what agent (MAM?) since I kind of understand that the MAM agent it a simple monitoring agent... so still not clear to me. And I'm not able to PoC or test this in any way.. :(

@shoando So after some tests, you're right

I'm able to isolate 2019 Servers just as Windows 10. There is no need to install an agent

For Windows 2016, you need the MAM agent to get the events in your tenant.

Even though the GUI gives you the possibility to isolate a device or run an AV scan, it does not do anything. You see the actions pending in the action center and can't even undo them (as such they remain greyed out after you clicked on them for that specific server)

This is good information as I am struggling to find a single official Microsoft doc that states that explicitly. All Microsoft documentation talks about how EDR is possible for older server platforms 2008/2012/2016 using the MMA agent. They should really clarify that it's only Threat Detection not full EDR as no response actions possible in MMA agent.

That would save people like us few hours of wasted time and frustration.

@XPauloI provided the same feedback already. The interface shows "start automated investigation" for all the supported operating systems, while it only works for the latest W10/W2019 releases. They should remove that action for unsupported devices to avoid confusion.

The next thing you see is that a suspicious investigation was noticed in the alert list ... :)