This is how our plugin works with WordPress Subdomains.
Subdomains with unique installation
This is when multiple subdomains are created and there is a unique installation of WordPress per site. In cases like this, each subdomain has its own database so you will need to install the plugin separately for each subdomain. Each subdomain will not be affected by the API key, audit logs, hardening or any settings applied to the other subdomains.
Subdomains with MultiSite
This is when you have a network-based installation associated to a unique installation of WordPress. This means there is only one database with multiple "options" tables. In this case, when you install the plugin, the audit logs, hardening and login information will be shared among all the sites inside the network. The settings, however, will affect only the site where they were applied.
Why does it work like this?
The plugin uses the administrator email and the domain name of the site to generate an API key (this also applies for sub-domains), and the information communicated through the API interface will be transferred using this key. A big percentage of the data processed by the API interface is dependent on the WordPress core files and the information stored in the uploads folder, that is why a unique installation of the plugin (in a main site) will not work 100% for sub-domains installed in different locations.
For the MultiSites this is different, because a WordPress MU installation will force each site to share the core files, and (generally) the content inside the "wp-content" directory (which is where the plugin’s data is stored). All information processed by the plugin will be shared among all the sites inside the network (except the settings).
So, in short, you install the plugin one time for a network-based installation (aka. WordPress MultiSite), otherwise install the plugin as many times considering the quantity of sub-domains created.