This article details the steps to set up your integration with Microsoft Sentinel DCE and Sharetru.
Note: Do not toggle the "Enable" switch on until you have filled out the form illustrated below and completed a test of the connection.
Use the SIEM "Select Service..." dropdown and select Microsoft Sentinel DCE.
The only Format available for Microsoft Sentinel DCE is JSON.
To view an example of the SIEM test message, click the link button.
Enter your Azure Directory (tenant) ID: See example below
Enter the application (client) ID registered in your Entra instance: See example below
Enter the value of the Application secret for the registered app: See example below
Enter the DCE or the DCR endpoint for the Log Analytics workspace: See example below
Enter the DCR ID from Azure Log Analytics: See example below
Enter the Stream Name in the DCR that should handle the custom data: See example below
Toggle this option on to send data to the GCC High region:
After the form is completed, click "Save".
Now, you will need to test the connection. Click the "Test Connection" button.
If the connection is successful, you will receive a message verifying that result.
*You should verify that the message was received by your Microsoft Sentinel DCE instance.*
However, if the connection is not successful, you will receive a message regarding the failure.
Upon successfully completing the test, you may toggle the "Enable" switch on and then click "Save".
This will finalize the SIEM integration setup.
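
The form fields above match what a client of the Azure Monitor Logs Ingestion API needs, so the following added example (not Sharetru's code) checks a set of values for common entry mistakes before you click "Test Connection" and shows the token and ingestion URLs they imply. It assumes the integration uses the OAuth client-credentials flow against that API; the `preflight` function, the stream name, and all sample values are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
DCR_ID = re.compile(r"^dcr-[0-9a-fA-F]{32}$")
# Keyed by the GCC High toggle: (login host, token scope, endpoint host suffix).
CLOUDS = {
    False: ("login.microsoftonline.com", "https://monitor.azure.com/.default", ".azure.com"),
    True: ("login.microsoftonline.us", "https://monitor.azure.us/.default", ".azure.us"),
}

def preflight(tenant_id, client_id, secret, endpoint, dcr_id, stream, gcc_high=False):
    """Return (problems, token_url, scope, ingest_url) for the form values."""
    login_host, scope, suffix = CLOUDS[gcc_high]
    problems = []
    if not GUID.match(tenant_id):
        problems.append("tenant ID is not a GUID")
    if not GUID.match(client_id):
        problems.append("client ID is not a GUID")
    if not secret or GUID.match(secret):
        problems.append("secret looks like the Secret ID, not the secret Value")
    url = urlsplit(endpoint)
    host = url.hostname or ""
    if url.scheme != "https" or not host:
        problems.append("endpoint must be an https:// URL")
    elif not host.endswith(suffix):
        problems.append(f"endpoint host does not end in {suffix} for this cloud")
    if not DCR_ID.match(dcr_id):
        problems.append("DCR ID must be the immutable ID (dcr-...), not a resource path")
    if not stream.startswith("Custom-"):
        problems.append("custom stream names start with 'Custom-'")
    token_url = f"https://{login_host}/{tenant_id}/oauth2/v2.0/token"
    ingest_url = (f"{endpoint.rstrip('/')}/dataCollectionRules/{dcr_id}"
                  f"/streams/{stream}?api-version=2023-01-01")
    return problems, token_url, scope, ingest_url

if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    print(preflight("11111111-2222-3333-4444-555555555555",
                    "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
                    "constructed~secret.value",
                    "https://example-dce-ab12.eastus-1.ingest.monitor.azure.com",
                    "dcr-0123456789abcdef0123456789abcdef",
                    "Custom-SharetruEvents_CL"))
```

An empty problems list only means the values are well formed; the registered app still needs permission on the DCR for the test message to be accepted.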