Hi Shinde, Balaji, I want to help you with this question.
Yes, you need to select all possible resources in the settings mask shown, which will be linked to azure sentinal via the respective dcr.
However, my recommendation is not to do this directly in the dcr configuration, as not all scopes (.e.g management groups etc). can be selected. So the scalability lacks here.
The better alternative is to use the policy set "Deploy Windows Azure Monitor Agent with user-assigned managed identity-based auth and associate with Data Collection Rule". It is a builtIn PolicySet and configures the non compliant VMs to link to the defined dcr.
If the reply was helpful, please don’t forget to upvote or accept it as an answer, thank you.