Hello Mor Paz,
Thank you for posting on the Microsoft Q&A Community.
From your explanation, I understand that you want to create a service principal (an application registration) and assign reader permission to the application on all the subscriptions within your organization.
There are different ways to achieve this:
The first way is to create a management group in the portal and add all the subscriptions to this management group. Follow the link below to create a management group.
https://learn.microsoft.com/en-us/azure/governance/management-groups/create-management-group-portal
Once that is done, you can add the subscriptions to the management group and then assign the Reader role to the application on the management group. This will give the service principal read permission on all the subscriptions and the resources within them. Kindly follow this link to see the steps to achieve that:
https://learn.microsoft.com/en-us/azure/defender-for-cloud/management-groups-roles
Alternatively, you can assign permission on the root management group if you do not want to create a new management group.
Secondly, you can add the service principal permission to the subscriptions one after the other.
NB: I have assumed that you have created your application registration. Use the application ID or the application name to search for the application while trying to assign a role.
Also, please note that a service principal is different from a managed identity. Get more information by following the link: https://devblogs.microsoft.com/devops/demystifying-service-principals-managed-identities/
Let me know if further assistance is needed.
Babafemi
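
The management-group approach described in the answer above, as an added Azure CLI example that is not part of the original answer. The group name `org-readers`, the script name and the application ID are placeholders; by default the script only prints the `az` commands it would run.

```shell
#!/usr/bin/env bash
# Added example: grant Reader to a service principal on many subscriptions
# through one management group. Group name and app ID are placeholders.

DRY_RUN="${DRY_RUN:-1}"   # 1 = print the az commands, 0 = execute them

# Print the command in dry-run mode, otherwise run it.
run() {
  if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# ARM scope string for a management group.
mg_scope() {
  echo "/providers/Microsoft.Management/managementGroups/$1"
}

# Create the group, move the given subscriptions in, assign Reader once.
# usage: grant_reader <mg-name> <app-id> <subscription-id>...
grant_reader() {
  mg="$1"; app_id="$2"
  if [ -z "$mg" ] || [ -z "$app_id" ]; then
    echo "usage: grant_reader <mg-name> <app-id> [subscription-id...]" >&2
    return 2
  fi
  shift 2
  run az account management-group create --name "$mg" || return 1
  for sub in "$@"; do
    run az account management-group subscription add \
      --name "$mg" --subscription "$sub" || return 1
  done
  # One assignment at group scope is inherited by every subscription in it.
  run az role assignment create --assignee "$app_id" --role Reader \
    --scope "$(mg_scope "$mg")"
}

# Runs only when arguments are supplied, for example:
#   DRY_RUN=0 ./grant-reader.sh org-readers <app-id> $(az account list --query "[].id" -o tsv)
if [ "$#" -ge 2 ]; then grant_reader "$@"; fi
```

For the root management group alternative mentioned in the answer, only the final `az role assignment create` step is needed, with the root group's scope.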