The solution I tend to use is create a Management Group structure in Azure where you assign a role to the managed identity at the management group level and place the subscription in that management group, you will be able to manage the resources within the subscription without having to do a lot of individual role assignments.
See the documentation on Management Groups for details.