tkirwan, regarding the watchlist, you can do it in different ways: you can use our built-in watchlist schemas (Schemas for Microsoft Sentinel watchlist templates | Microsoft Learn), like High Value Assets if it applies to the devices you would like to add; or you can create a custom watchlist like we did (Create new watchlists - Microsoft Sentinel | Microsoft Learn). We only used those fields (hostname and department) because that was enough in our case, but you can add more fields.
As for your second question, you can create granular DCRs, targeting individual servers, and it doesn't matter whether they are on Azure, other clouds or on-prem (if they are not on Azure, you will need to onboard them on Arc first). Please check AMA installation options. If you are asking specifically about clients, like laptops, then yes, you are correct and you can't target individual machines.