Hi LMG,
Since all publicly facing domains will be shared with many top-level domain servers, it will be possible for attackers to obtain your full list of subdomains.
The best approach to defending against vulnerabilities and unknown configuration of your servers is a combination of:
Defender for Cloud - to keep an inventory of all of your cloud and on-prem servers (via Arc agent) and monitor/block misconfigurations.
Defender for Endpoints/Servers - as your AV/EDR
Defender for Endpoints/Servers - Vulnerability Management (E5 feature) - for identifying vulnerabilities on your assets.
Defender for Endpoints/Servers - Application Control (E5 feature) - for an inventory of all applications and alerting/reporting/blocking of high risk applications.
Defender EASM - For continuous tracking of all of your external assets.
Microsoft Sentinel - Your SIEM for 'bringing it all together' and FINALLY providing your answer to the question 'given all my assets, are any of them vulnerable to attack AND are those potentially vulnerable assets CURRENTLY under attack?'
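The "bringing it all together" step in the reply is a correlation across data that the listed tools each hold separately: the asset inventory (Defender for Cloud / Arc), the externally observed hostnames (Defender EASM), the vulnerability findings (Defender Vulnerability Management) and the endpoint alerts (Defender for Endpoint). The following Python script is an added example, not code from the post or from Microsoft, that performs that correlation over constructed sample records. The record field names, device names, hostnames, CVE identifiers and timestamps are all assumptions chosen for illustration, not the real export schemas of those products.

```python
"""
Added example (not part of the forum post): correlating constructed stand-ins
for an asset inventory, an external-discovery list, vulnerability findings and
endpoint alerts to answer "which of my assets are vulnerable AND currently
under attack", and which externally visible hosts are missing from inventory.
All field names and sample records below are assumptions for illustration.
"""
from datetime import datetime, timedelta, timezone

# --- constructed sample data (not real product exports) ---------------------

INVENTORY = [  # what the inventory tool (Defender for Cloud / Arc) knows about
    {"device": "web01", "fqdn": "www.example.org", "source": "arc"},
    {"device": "api01", "fqdn": "api.example.org", "source": "azure"},
    {"device": "vpn01", "fqdn": "vpn.example.org", "source": "arc"},
]

EXTERNAL_DISCOVERY = [  # hostnames an EASM-style scan observed for the organisation
    "www.example.org",
    "API.example.org.",            # case and trailing dot differ from inventory
    "vpn.example.org",
    "staging-old.example.org",     # nobody registered this one in the inventory
]

VULN_FINDINGS = [  # TVM-style findings; CVE ids are placeholders
    {"device": "web01", "cve": "CVE-0000-0001", "severity": "Critical"},
    {"device": "api01", "cve": "CVE-0000-0002", "severity": "Low"},
    {"device": "vpn01", "cve": "CVE-0000-0003", "severity": "High"},
]

ALERTS = [  # EDR-style alerts with a status and an ISO-8601 UTC timestamp
    {"device": "web01", "title": "Suspicious web shell", "status": "New",
     "time": "2024-01-10T11:55:00Z"},
    {"device": "vpn01", "title": "Brute-force attempts", "status": "Resolved",
     "time": "2024-01-01T08:00:00Z"},
    {"device": "api01", "title": "Port scan", "status": "New",
     "time": "2024-01-10T11:30:00Z"},
]


def _norm(host: str) -> str:
    """Normalise a hostname so inventory and discovery compare reliably."""
    return host.strip().lower().rstrip(".")


def _parse(ts: str) -> datetime:
    """Parse the 'YYYY-MM-DDTHH:MM:SSZ' timestamps used in the sample alerts."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def shadow_assets(inventory, discovered):
    """External hostnames that no inventory record claims: the unknown-asset gap
    the reply warns about (attackers can enumerate subdomains you forgot)."""
    known = {_norm(a["fqdn"]) for a in inventory}
    return sorted({_norm(h) for h in discovered} - known)


def vulnerable_and_under_attack(inventory, findings, alerts, now_iso,
                                window_hours=24, severities=("High", "Critical")):
    """Inventory assets with at least one finding at the given severities AND an
    unresolved alert inside the time window ending at now_iso."""
    vulns_by_device = {}
    for f in findings:
        if f["severity"] in severities:
            vulns_by_device.setdefault(f["device"], set()).add(f["cve"])

    cutoff = _parse(now_iso) - timedelta(hours=window_hours)
    active_by_device = {}
    for a in alerts:
        if a["status"] != "Resolved" and _parse(a["time"]) >= cutoff:
            active_by_device.setdefault(a["device"], []).append(a["title"])

    hits = []
    for asset in inventory:  # only assets the inventory knows can be joined
        dev = asset["device"]
        if dev in vulns_by_device and dev in active_by_device:
            hits.append({"device": dev, "fqdn": asset["fqdn"],
                         "cves": sorted(vulns_by_device[dev]),
                         "alerts": active_by_device[dev]})
    return hits


if __name__ == "__main__":
    print("Externally visible but not in inventory:",
          shadow_assets(INVENTORY, EXTERNAL_DISCOVERY))
    for hit in vulnerable_and_under_attack(INVENTORY, VULN_FINDINGS, ALERTS,
                                           "2024-01-10T12:00:00Z"):
        print("Vulnerable AND under attack:", hit)
```

In the sample data only web01 satisfies both conditions: vpn01 has a High finding but its alert is resolved, and api01 has an active alert but only a Low finding. The shadow-asset check also shows why hostnames must be normalised before comparison; an unnormalised join would wrongly flag `API.example.org.` as unknown.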