Hi Tobias,
Unfortunately, this cannot be achieved through Azure Policy, as the "Principal Name" property of a Role Assignment is not returned in the response payload by the GET/LIST REST API for Role Assignment. Nor is it passed in the request payload when creating a Role Assignment.
Azure Policy depends on these REST API request/response payloads to AUDIT and DENY.