There’s a couple of ways you can approach this. You could make sure your Get Access action only returns access profiles.
And then configure your Manage Access to match access items that start with “Azure” by using regex in your JSONpath expression.
$.getAccess.accessItems[?(@.name =~ /Azure.*/i)]
Alternatively, you could look into this show and tell as a source of inspiration.