I have a daemon application that wants to list all subscriptions (incl. some details) within a management group in Azure.
For that I have created an App registration including client secrets in Azure to be used by the daemon application.
However, I am now having problems granting access to an entire management group.
What has worked was to create a Role assignment (Type App -> Role Reader) for a single subscription. However, this does not work on management group level. There, I can only assign roles of type User to some roles. I cannot assign an App to a role.
How can I now grant the daemon application reader access to the entire management group?
(Assigning individual subscriptions is not an option, because I want to see with that application, for example, if a subscription has been added.)
Yes, thanks @JoyWang :)
– mister.elastic