Forum Discussion

Lagrahammicrosftcom
Mar 26, 2020

Azure Policy (tags)

Hello, I am working on a policy that restricts tags to predefined values. As of now, I have that functionality, but I also want to restrict the creation of new tags as well. I want the user to only have the ability to create tags from the predefined list of names and values; otherwise, deny. Any assistance would be helpful, thanks in advance.

This is what I have so far:

{
  "mode": "All",
  "policyRule": {
    "if": {
      "allOf": [
        {
          "not": {
            "allOf": [
              {
                "field": "tags['OrgCode']",
                "exists": "true"
              },
              {
                "field": "tags['OrgCode']",
                "notIn": "[parameters('OrgCode')]"
              }
            ]
          }
        },
        {
          "not": {
            "allOf": [
              {
                "field": "tags['Backuplevel']",
                "exists": "true"
              },
              {
                "field": "tags['Backuplevel']",
                "notIn": "[parameters('Backuplevel')]"
              }
            ]
          }
        },
        {
          "not": {
            "allOf": [
              {
                "field": "tags['Environment']",
                "exists": "true"
              },
              {
                "field": "tags['Environment']",
                "notIn": "[parameters('Environment')]"
              }
            ]
          }
        },
        {
          "not": {
            "field": "tags.AppID",
            "exists": "true"
          }
        }
      ]
    },
    "then": {
      "effect": "deny"
    }
  },
  "parameters": {
    "OrgCode": {
      "type": "Array",
      "metadata": {
        "description": "Provides a charge code or cost center to attribute the bill for the resources too. Tag value: Cost Center. Example: team@domain.com"
      },
      "allowedValues": [
        "8510",
        "6000",
        "8310"
      ]
    },
    "Backuplevel": {
      "type": "Array",
      "metadata": {
        "description": "Provides information on department or team is responsible for administering/supporting the application. Tag value: Team name/email. Example: 1506548"
      },
      "allowedValues": [
        "azzu-vim-cpp-1",
        "azu-vim-cpp-2",
        "azu-vim-cpp-3",
        "azu-vim-cpp-4",
        "azu-mssql-cpp-1",
        "azu-mssql-cpp-2",
        "azu-mssql-cpp-3",
        "azu-mssql-cpp-4",
        "azu-odb-cpp-1",
        "azu-odb-cpp-2",
        "azu-odb-cpp-3",
        "azu-odb-cpp-4",
        "azu-no-backup"
      ]
    },
    "Environment": {
      "type": "Array",
      "metadata": {
        "description": "Provides information on what the resource group is used for (useful for maintenance, policy enforcement, chargeback, etc.) Tag value: Dev, QA, Stage, Test, Prod. Example: Prod"
      },
      "allowedValues": [
        "Production",
        "Test",
        "Stage",
        "DR"
      ]
    }
  }
}
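
A rule like the one posted above can be checked offline by evaluating its `if` condition against sample tag sets. The following is an added example, not part of the original post and not Azure's evaluation engine: a simplified Python model of `allOf`, `not`, `exists` and `notIn`. It assumes each array parameter is assigned values from the posted `allowedValues` (abbreviated for Backuplevel) and that comparisons are case-insensitive; the function names and sample tag sets are constructed for illustration.

```python
import re

# Assumption: each parameter is assigned values from the posted allowedValues
# (Backuplevel abbreviated to two entries).
PARAMS = {
    "OrgCode": ["8510", "6000", "8310"],
    "Backuplevel": ["azu-mssql-cpp-1", "azu-no-backup"],
    "Environment": ["Production", "Test", "Stage", "DR"],
}

def tag_block(name):
    # Same shape as each per-tag block in the posted rule.
    field = f"tags['{name}']"
    return {"not": {"allOf": [
        {"field": field, "exists": "true"},
        {"field": field, "notIn": f"[parameters('{name}')]"},
    ]}}

# The posted "if" condition, rebuilt programmatically.
POSTED_IF = {"allOf": [tag_block(n) for n in PARAMS]
             + [{"not": {"field": "tags.AppID", "exists": "true"}}]}

def tag_value(field, tags):
    # Accepts tags['Name'] and tags.Name; tag names are matched case-insensitively.
    m = re.fullmatch(r"tags(?:\['(.+)'\]|\.(.+))", field)
    name = (m.group(1) or m.group(2)).lower()
    return next((v for k, v in tags.items() if k.lower() == name), None)

def evaluate(cond, tags):
    if "allOf" in cond:
        return all(evaluate(c, tags) for c in cond["allOf"])
    if "not" in cond:
        return not evaluate(cond["not"], tags)
    value = tag_value(cond["field"], tags)
    if "exists" in cond:
        return (value is not None) == (str(cond["exists"]).lower() == "true")
    if "notIn" in cond:
        allowed = PARAMS[re.search(r"parameters\('(.+)'\)", cond["notIn"]).group(1)]
        return value is None or value.lower() not in [a.lower() for a in allowed]
    raise ValueError(f"unsupported condition: {cond}")

def denied(tags):
    # True when the modelled "if" matches, i.e. the "deny" effect would apply.
    return evaluate(POSTED_IF, tags)

# Constructed sample tag sets.
SAMPLES = [{}, {"OrgCode": "8510", "Environment": "Test"},
           {"OrgCode": "9999", "AppID": "x"},
           {"OrgCode": "8510", "AppID": "x", "Owner": "someone"}]
if __name__ == "__main__":
    for tags in SAMPLES:
        print("deny " if denied(tags) else "allow", tags)
```

In this model the `Owner` tag in the last sample is never inspected, because the condition only references the four tag names written into the rule.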
