It is a bit of a hard question to answer, are you better off having a separate subscription and resource for each firm, than using Azure Lighthouse (https://docs.microsoft.com/en-us/azure/lighthouse/overview
) and policies/tags to manage it?
Azure Lighthouse was made for MSPs to have access and see a variety of client Azure subscriptions, you can always look at using the name of a resource type and tag of a resource to to connect to the right resources in Azure.
I know of a few companies that use documentation systems, such as IT Glue to store the information related to their clients, including connection strings etc.
To me, customers own their Azure environments, whether they are looked after by someone else, so need to make sure all their resources are accessible and secure, should they wish to leave.