Hi @Lucas Edson ,
Welcome to Microsoft Q&A! Thanks for posting the question.
I see that you are trying to enforce Azure Policy only while creating the resource and not when updating it. This is not possible with Azure Policy. Policy and effects responsible for tag add/update are evaluated for both Create and Update. There is no way to restrict it. ref: Modify effect on policy. These evaluations do not only remain active when creating/updating the resource but are evaluated at regular intervals to check if all the resources, with policy enforced on them, are compliant or not. ref: Evaluation Triggers
Therefore, I don't think Azure Policy would be best suited for your requirement. In case you are deploying the resource through CLI/PowerShell/ARM template, you may add the check in a custom script which checks the tags before submitting for deployment.
Please let me know if you have any questions.
---
Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.
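
One way to write the pre-deployment tag check suggested in the answer above, as an added example that is not part of the original answer or any Microsoft tooling. The required tag names, the sample ARM template and the `existing` inventory list are assumptions constructed for illustration; the caller is expected to supply the list of already-deployed resources so that updates are skipped and only new resources are checked.

```python
import json

# Assumption: placeholder tag names; the original post does not name them.
REQUIRED_TAGS = ("CostCenter", "Owner")

# Constructed sample ARM template, for illustration only.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Storage/storageAccounts", "name": "stnew01",
   "tags": {"costcenter": "1234", "Owner": ""}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "stold01"},
  {"type": "Microsoft.Network/virtualNetworks", "name": "vnet01",
   "tags": "[parameters('commonTags')]"},
  {"type": "Microsoft.KeyVault/vaults", "name": "kv01",
   "tags": {"CostCenter": "1234", "owner": "team-a"}}
]}
""")

def missing_tags(resource, required=REQUIRED_TAGS):
    """Return the required tags that are absent or empty on one resource."""
    tags = resource.get("tags")
    if isinstance(tags, str):
        # A template expression is only resolved at deployment time,
        # so it cannot be verified statically: flag it for review.
        return ["<unresolved expression>"]
    # Azure treats tag names as case-insensitive; empty values count as missing.
    present = {k.lower() for k, v in (tags or {}).items() if str(v).strip()}
    return [t for t in required if t.lower() not in present]

def check_template(template, existing=(), required=REQUIRED_TAGS):
    """Map each resource that would be newly created to its missing tags."""
    skip = {key.lower() for key in existing}  # already deployed: an update
    failures = {}
    for resource in template.get("resources", []):
        key = f"{resource['type']}/{resource['name']}".lower()
        if key in skip:
            continue  # create-only enforcement: updates are not checked
        gaps = missing_tags(resource, required)
        if gaps:
            failures[key] = gaps
    return failures

if __name__ == "__main__":
    problems = check_template(
        SAMPLE_TEMPLATE, existing=["Microsoft.Storage/storageAccounts/stold01"])
    for key, gaps in problems.items():
        print(f"BLOCK {key}: missing {', '.join(gaps)}")
    raise SystemExit(1 if problems else 0)  # non-zero exit stops the pipeline
```

Run it as a step before the deployment command so that a non-zero exit code stops the deployment.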