You could enforce tags using Azure policy: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-policies
You could limit permissions though this is not always feasible: https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources
You could monitor the Azure Activity log for the creation of new tags and respond in a variety of ways. Send yourself an email. Send the author an email describing the policy. Automate the removal of unauthorized tags using a logic app.