Using an Azure Automation account, you can use a Managed Identity to run your PowerShell scripts. More details here: https://learn.microsoft.com/en-us/azure/automation/automation-security-overview#managed-identities
As for the permissions you need: it would be possible to create a role that only has access to this exact data; however, the simple solution would be to assign the Managed Identity the directory reader role, which should give it access to this data.
I don't believe that directory roles can be given to managed identities directly, so you'll need to follow this guide, which is for SQL managed instances, to assign the role: https://learn.microsoft.com/en-us/azure/azure-sql/database/authentication-aad-directory-readers-role-tutorial?view=azuresql#directory-readers-role-assignment-using-the-azure-portal
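
A runbook for the setup described in this answer, added here as an example and not part of the original answer. It assumes a system-assigned managed identity on the Automation account, the Az.Accounts module, and, because the answer does not name the data being read, a Microsoft Graph users query standing in for it.

```powershell
# Added example runbook. Assumptions: system-assigned managed identity,
# Az.Accounts module imported into the Automation account.
$ErrorActionPreference = 'Stop'

# Do not inherit a cached context; sign in as the managed identity.
# No stored credential or secret is involved.
Disable-AzContextAutosave -Scope Process | Out-Null
Connect-AzAccount -Identity | Out-Null

# Request a Microsoft Graph access token for the identity.
$token = (Get-AzAccessToken -ResourceUrl 'https://graph.microsoft.com').Token
if ($token -is [securestring]) {
    # Newer Az.Accounts versions return the token as a SecureString.
    $token = [System.Net.NetworkCredential]::new('', $token).Password
}

# Assumed query: a small, read-only sample of users (placeholder for "this data").
$uri = 'https://graph.microsoft.com/v1.0/users?$select=displayName,userPrincipalName&$top=5'

try {
    $result = Invoke-RestMethod -Uri $uri -Headers @{ Authorization = "Bearer $token" }
    $result.value | Select-Object displayName, userPrincipalName
}
catch {
    # A 403 here means the identity authenticated but has no directory read
    # access, i.e. the role assignment is missing or has not taken effect yet.
    $status = [int]$_.Exception.Response.StatusCode
    if ($status -eq 403) {
        Write-Warning 'Graph returned 403: the managed identity lacks directory read access.'
    }
    throw
}
```

A 401 instead of a 403 points at token acquisition (identity not enabled on the account) and not at the role assignment.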