Required minimum permission to run a PowerShell script

We are going to automate a PowerShell script to get Office 365 Mail Traffic Statistics by User. We need to assign least privileges to the account this script runs. What permissions/roles do we have to assign?

Regards,

Kavindu

1 Reply

I would recommend using the Microsoft Graph API for this kind of report: https://docs.microsoft.com/en-us/graph/api/resources/report?view=graph-rest-1.0

If you want to run a PowerShell script automatically, you can't protect the account with a second factor like Azure MFA. But, of course, you can do this with RBAC (Role Based Access Control) and only allow the account to run specific PowerShell cmdlets like Get-MessageTrace:

```
PS C:\Users\domin> Get-ManagementRoleEntry *\Get-MessageTrace*

Name                   Role                 Parameters
----                   ----                 ----------
Get-MessageTraceDetail Compliance Admin     {Action, EndDate, ErrorAction, ErrorVariable...}
Get-MessageTrace       Compliance Admin     {EndDate, ErrorAction, ErrorVariable, Expression...}
Get-MessageTraceDetail Data Loss Prevention {Action, EndDate, ErrorAction, ErrorVariable...}
Get-MessageTrace       Data Loss Prevention {EndDate, ErrorAction, ErrorVariable, Expression...}
Get-MessageTrace       Security Admin       {EndDate, ErrorAction, ErrorVariable, Expression...}
Get-MessageTraceDetail Security Admin       {Action, EndDate, ErrorAction, ErrorVariable...}
Get-MessageTrace       Security Reader      {EndDate, ErrorAction, ErrorVariable, Expression...}
Get-MessageTraceDetail Security Reader      {Action, EndDate, ErrorAction, ErrorVariable...}
Get-MessageTrace       View-Only Recipients {EndDate, ErrorAction, ErrorVariable, Expression...}
Get-MessageTraceDetail View-Only Recipients {Action, EndDate, ErrorAction, ErrorVariable...}
```
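One way to apply the RBAC restriction described in the reply, as an added example that is not part of the original thread: derive a custom role from "View-Only Recipients" (one of the roles listed above as containing Get-MessageTrace), strip every other cmdlet from it, and assign only that role to the automation account. The role name, role group name and account address are hypothetical placeholders, and the session is assumed to be already connected to Exchange Online as an administrator.

```powershell
# Added example. Assumes an existing admin session (Connect-ExchangeOnline).
# All three names below are hypothetical placeholders.
$roleName   = 'MessageTrace Only'
$groupName  = 'MessageTrace Readers'
$svcAccount = 'svc-mailstats@contoso.example'

# Cmdlets the reporting script is allowed to run; everything else is removed.
$allowed = @('Get-MessageTrace', 'Get-MessageTraceDetail')

# Some tenants must run Enable-OrganizationCustomization once before
# custom roles can be created (assumption: check your tenant first).

# 1. Create a child role. A child role can never hold more than its parent,
#    so it starts as a copy of "View-Only Recipients".
New-ManagementRole -Name $roleName -Parent 'View-Only Recipients'

# 2. Remove every role entry that is not on the allow list.
Get-ManagementRoleEntry "$roleName\*" |
    Where-Object { $allowed -notcontains $_.Name } |
    ForEach-Object {
        Remove-ManagementRoleEntry -Identity "$roleName\$($_.Name)" -Confirm:$false
    }

# 3. Create a role group that carries only the custom role and add the
#    automation account as its single member.
New-RoleGroup -Name $groupName -Roles $roleName -Members $svcAccount

# 4. Verify: the role must expose exactly the allowed cmdlets ...
$remaining = Get-ManagementRoleEntry "$roleName\*" | Select-Object -ExpandProperty Name
$unexpected = $remaining | Where-Object { $allowed -notcontains $_ }
if ($unexpected) {
    Write-Warning "Role still contains: $($unexpected -join ', ')"
}

# ... and the account must not hold any other role assignment.
Get-ManagementRoleAssignment -RoleAssignee $svcAccount |
    Select-Object Name, Role, RoleAssigneeName
```

Any assignment in the final output other than the custom role means the account has more than the two message trace cmdlets and should be reviewed.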