Hi Martin,
You shouldn't need any agents aside from the initial deployment of defender for server:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/enable-vulnerability-assessment-agentless
"When you enable Defender Cloud Security Posture Management (CSPM) or Defender for Servers P2, agentless scanning is enabled on by default."
As for the 3 agents you mentioned:
#1 is old, #2 (AMA) is new, and #3 is the Defender for Server agent.
At least that's my understanding.
Reference:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/auto-deploy-azure-monitoring-agent