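I am trying to create an Azure Policy to enforce multiple tags on resources. The requirement is to add tags with default values; if a tag with the same name but a different value already exists, ignore that tag and add the remaining mandatory tags. Mandatory tags: app: tbd (default value), app_owner: tbd (default value)
Suppose resource A has the tag app: ABC. The policy should not change the app value to tbd; instead it should ignore it and add the other tag, app_owner: tbd.
Problem: the code below updates blank resources with the required tags, but if a tag already exists, it does not update the second tag.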
{
  "mode": "Indexed",
  "policyRule": {
    "if": {
      "not": {
        "allOf": [
          {
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "exists": "false"
          },
          {
            "field": "[concat('tags[', parameters('tagName2'), ']')]",
            "exists": "false"
          }
        ]
      }
    },
    "then": {
      "effect": "modify",
      "details": {
        "roleDefinitionIds": [
          "/providers/Microsoft.Authorization/roleDefinitions/4a9ae827-6dc8-4573-8ac7-8239d42aa03f"
        ],
        "operations": [
          {
            "operation": "addOrReplace",
            "field": "[concat('tags[', parameters('tagName'), ']')]",
            "value": "[parameters('tagValue')]"
          },
          {
            "operation": "addOrReplace",
            "field": "[concat('tags[', parameters('tagName2'), ']')]",
            "value": "[parameters('tagValue2')]"
          }
        ]
      }
    }
  },
  "parameters": {
    "tagName": {
      "type": "String",
      "metadata": {
        "displayName": "app",
        "description": "requires the tag named as 'app' to tag resources"
      }
    },
    "tagValue": {
      "type": "String",
      "metadata": {
        "displayName": "tbd",
        "description": "Value of the tag, such as 'app'"
      }
    },
    "tagName2": {
      "type": "String",
      "metadata": {
        "displayName": "app_owner",
        "description": "requires the tag named as 'app_owner' to tag resources"
      }
    },
    "tagValue2": {
      "type": "String",
      "metadata": {
        "displayName": "tbd",
        "description": "Value of the tag, such as 'app_owner'"
      }
    }
  }
}
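Added example (not part of the original question or its answer): a simplified Python model of how `exists` conditions gate `addOrReplace` operations, comparing one rule whose single `allOf` condition gates both operations with one rule per tag. The helper names, `COMBINED`, `PER_TAG` and the sample resources are constructed for illustration; this is not the Azure Policy engine.

```python
# Simplified model of Azure Policy tag conditions and the modify effect.
# Illustration only; it is not the Azure Policy engine.

def matches(cond, tags):
    """Evaluate allOf / anyOf / not / exists over a resource's tag dict."""
    if "allOf" in cond:
        return all(matches(c, tags) for c in cond["allOf"])
    if "anyOf" in cond:
        return any(matches(c, tags) for c in cond["anyOf"])
    if "not" in cond:
        return not matches(cond["not"], tags)
    name = cond["field"][len("tags["):-1]          # "tags[app]" -> "app"
    return (name in tags) == (cond["exists"] == "true")

def apply_rules(rules, tags):
    """Run every rule; a matching rule applies all of its operations."""
    result = dict(tags)
    for rule in rules:
        if matches(rule["if"], tags):   # conditions see the incoming resource
            for op in rule["operations"]:
                # addOrReplace overwrites whatever value is already there
                result[op["field"][len("tags["):-1]] = op["value"]
    return result

def missing(tag):
    return {"field": f"tags[{tag}]", "exists": "false"}

def set_tag(tag, value):
    return {"operation": "addOrReplace", "field": f"tags[{tag}]", "value": value}

DEFAULTS = {"app": "tbd", "app_owner": "tbd"}

# One rule: both operations gated on a single condition (both tags missing).
COMBINED = [{"if": {"allOf": [missing(t) for t in DEFAULTS]},
             "operations": [set_tag(t, v) for t, v in DEFAULTS.items()]}]

# One rule per tag: each default is written only when that tag is missing.
PER_TAG = [{"if": missing(t), "operations": [set_tag(t, v)]}
           for t, v in DEFAULTS.items()]

# Constructed sample resources.
SAMPLES = [{}, {"app": "ABC"}, {"app": "ABC", "app_owner": "team-x"}]

if __name__ == "__main__":
    for tags in SAMPLES:
        print(tags, "combined ->", apply_rules(COMBINED, tags),
              "| per-tag ->", apply_rules(PER_TAG, tags))
```

In this model the per-tag rules leave `app: ABC` untouched and still add `app_owner: tbd`, while the combined rule does nothing once either tag is present.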
1 answer
lawou6xi #1
You need to change to the following policy definition: