@Nick T Welcome to Microsoft Q&A Forum, Thank you for posting your query here!
Blueprints is not a tool to create deny assignments. Instead, Deny assignments are a feature that the Blueprints service uses to leverage its own functionality.
Blueprints can only lock resources that a blueprint creates, in a do not delete or read only fashion, so it won't cover this requirement
Azure doesn't offer functionality for users to create their own custom deny assignments
Please let us know if you have any further queries. I’m happy to assist you further.
Please do not forget to and wherever the information provided helps you, this can be beneficial to other community members.
@Nick T Kindly let me know your support request #SR number is so that I can keep track of your case.