Azure roles question

Hi there,

We're looking to be able to use the recertfication/attestation functionality of OneIdentity Manager to be able to recertify Azure AD users that have Azure roles assigned at Subscription level. 
Has anyone used this functionality for this purpose? We currently have Azure AD roles coming into OneIdentity but not Azure roles at subscription level eg subscription owner.

If so, how did you implement this?