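@PhrygianMode Here is a sample Azure Policy definition that enforces a tag with pre-defined values. Please review it and adjust it to your requirements. Note that with "mode": "Indexed" the rule is evaluated only for resource types that support tags and location, so resource groups are not covered by this definition. The "deny" effect blocks create and update requests whose tag is missing or not in the allowed list; resources that already exist are only reported as non-compliant, not changed.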
{
"mode": "Indexed",
"policyRule": {
"if": {
"not": {
"field": "[concat('tags[', parameters('tagName'), ']')]",
"in": "[parameters('tagValue')]"
}
},
"then": {
"effect": "deny"
}
},
"parameters": {
"tagName": {
"type": "String",
"metadata": {
"displayName": "Tag Name",
"description": "Name of the tag, such as 'environment'"
}
},
"tagValue": {
"type": "Array",
"metadata": {
"displayName": "Tag Value",
"description": "Allowed values for the tag, such as 'Prod'"
},
"allowedValues": [
"Dev",
"Test",
"Prod"
]
}
}
}