Azure Policy - Enable Hybrid Use Benefit

The behavior you are encountering is by design. Azure Policy configured with the DeployIfNotExists effect can remediate non-compliant virtual machines after they have been created, but it does not intercept or modify new VM deployments. To enforce compliance at the time of provisioning, the policy must instead be structured with the Deny or Append effects. According to Microsoft’s official guidance, the Hybrid Use Benefit (HUB) must be explicitly specified during VM creation. Policies can subsequently enforce or remediate this setting, but they cannot automatically inject the licenseType property into new VM builds during deployment.

https://learn.microsoft.com/en-us/windows-server/get-started/azure-hybrid-benefit?tabs=azure

https://learn.microsoft.com/en-us/azure/governance/policy/concepts/effect-deploy-if-not-exists