$subs = Get-AzSubscription
 
foreach ($sub in $subs) {
  Set-AzContext -Subscription $sub.id
  $resources += Get-AzResource
}
 
$resources | convert-to-json | out-file " . \resources.json"

jq.exe 'map(.Type) | unique' resources.json

$DirectoryRoles = Get-AzureADDirectoryRole
 
ObjectId                             DisplayName                                Description
--------                             -----------                                -----------
02bb6e8b-bb42-4f30-a527-0cfe44d1a902 Reports Reader                             Can read sign-in and audit reports.
...

$PrivilegedRoles = $DirectoryRoles | Where-Object {
 $_.DisplayName -like "*Administrator*" -or $_.DisplayName -eq "Global 
Reader"
}

$PrivilegedUsers = $PrivilegedRoles | ForEach-Object { Get-MgDirectoryRoleMember -DirectoryRoleId $_.ObjectId } | Select-Object Id -Unique

Get-AzRoleAssignment