You are matching the traffic from the ACL. The permit tells the VLAN map to process the src/dst networks, and the action for that flow is to drop the traffic.
With a deny statement on the ACL, the VLAN map will assume that you don't want to process the traffic with the subsequent action.
You will see the same logic in MQC (Modular QoS CLI).
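! The class matches whatever ACL-Vlan permits
class-map match-all Class-Vlan
 match access-group name ACL-Vlan
!
! The policy action (drop) applies only to traffic in that class
policy-map Policy-Vlan
 class Class-Vlan
  drop
!
! permit = select this traffic for the action, not "allow it through"
ip access-list extended ACL-Vlan
 permit tcp any any eq 80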
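The VLAN map counterpart of the logic described above, as an added example that is not part of the original post. The map name VMAP-Vlan, VLAN 10 and the host 192.0.2.10 are assumed values chosen for illustration.

```cisco
! Added example; VMAP-Vlan, VLAN 10 and 192.0.2.10 are assumed values.
ip access-list extended ACL-Vlan
 ! deny = "do not match this clause"; the packet moves on to the next clause
 deny   tcp host 192.0.2.10 any eq 80
 ! permit = "match this clause"; the clause's action is then applied
 permit tcp any any eq 80
!
vlan access-map VMAP-Vlan 10
 match ip address ACL-Vlan
 action drop
!
! Catch-all clause with no match statement: forwards everything clause 10
! did not match, including the host exempted by the deny line above.
! Without it, IP packets that match no clause are dropped by default.
vlan access-map VMAP-Vlan 20
 action forward
!
vlan filter VMAP-Vlan vlan-list 10
```

`show vlan access-map` and `show vlan filter` display the resulting clauses and the VLANs the map is applied to.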