Create assignmentPolicies

Namespace: microsoft.graph

In Azure AD entitlement management, create a new accessPackageAssignmentPolicy object. The request will include a reference to the accessPackage that will contain this policy, which must already exist.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	EntitlementManagement.ReadWrite.All
Delegated (personal Microsoft account)	Not supported.
Application	EntitlementManagement.ReadWrite.All

HTTP request

POST /identityGovernance/entitlementManagement/assignmentPolicies

Request headers

Name	Description
Authorization	Bearer {token}. Required.
Content-Type	application/json. Required.

Request body

In the request body, supply a JSON representation of the accessPackageAssignmentPolicy object.

You can specify the following properties when creating an accessPackageAssignmentPolicy.

Property	Type	Description
description	String	The description of the policy.
displayName	String	The display name of the policy.
allowedTargetScope	allowedTargetScope	Who is allowed to be assigned the access package through this policy. The possible values are: notSpecified, specificDirectoryUsers, specificConnectedOrganizationUsers, specificDirectoryServicePrincipals, allMemberUsers, allDirectoryUsers, allDirectoryServicePrincipals, allConfiguredConnectedOrganizationUsers, allExternalUsers, unknownFutureValue. Optional.
expiration	expirationPattern	The expiration date for assignments created in this policy.
requestApprovalSettings	accessPackageAssignmentApprovalSettings	Specifies the settings for approval of requests for an access package assignment through this policy. For example, if approval is required for new requests.
requestorSettings	accessPackageAssignmentRequestorSettings	Provides additional settings to select who can create a request for an access package assignment through this policy, and what they can include in their request.
reviewSettings	accessPackageAssignmentReviewSettings	Settings for access reviews of assignments through this policy.
specificAllowedTargets	subjectSet collection	The principals that can be assigned access from an access package through this policy.
automaticRequestSettings	accessPackageAutomaticRequestSettings	This property is only present for an auto assignment policy; if absent, this is a request-based policy.
accessPackage	accessPackage	A reference to the access package that will contain the policy, which must already exist.
questions	accessPackageQuestion collection	Questions that are posed to the requestor.

Response

If successful, this method returns a 201 Created response code and an accessPackageAssignmentPolicy object in the response body.

Examples

Example 1: Create a direct assignment policy

A direct assignment policy is useful when access package assignment requests will only be created by an administrator, not by users themselves.

Request

The following example shows a request to create an access package assignment policy. In this policy, no users can request, no approval is required, and there are no access reviews.

HTTP

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json

{
  "displayName": "New Policy",
  "description": "policy for assignment",
  "allowedTargetScope": "notSpecified",
  "specificAllowedTargets": [],
  "expiration": {
      "endDateTime": null,
      "duration": null,
      "type": "noExpiration"
  },
  "requestorSettings": {
      "enableTargetsToSelfAddAccess": false,
      "enableTargetsToSelfUpdateAccess": false,
      "enableTargetsToSelfRemoveAccess": false,
      "allowCustomAssignmentSchedule": true,
      "enableOnBehalfRequestorsToAddAccess": false,
      "enableOnBehalfRequestorsToUpdateAccess": false,
      "enableOnBehalfRequestorsToRemoveAccess": false,
      "onBehalfRequestors": []
  },
  "requestApprovalSettings": {
      "isApprovalRequiredForAdd": false,
      "isApprovalRequiredForUpdate": false,
      "stages": []
  },
  "accessPackage": {
      "id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
  }
}

C#

GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy
{
	DisplayName = "New Policy",
	Description = "policy for assignment",
	AllowedTargetScope = AllowedTargetScope.NotSpecified,
	SpecificAllowedTargets = new List<SubjectSet>()
	{
	},
	Expiration = new ExpirationPattern
	{
		EndDateTime = null,
		Duration = null,
		Type = ExpirationPatternType.NoExpiration
	},
	RequestorSettings = new AccessPackageAssignmentRequestorSettings
	{
		EnableTargetsToSelfAddAccess = false,
		EnableTargetsToSelfUpdateAccess = false,
		EnableTargetsToSelfRemoveAccess = false,
		AllowCustomAssignmentSchedule = true,
		EnableOnBehalfRequestorsToAddAccess = false,
		EnableOnBehalfRequestorsToUpdateAccess = false,
		EnableOnBehalfRequestorsToRemoveAccess = false,
		OnBehalfRequestors = new List<SubjectSet>()
		{
		}
	},
	RequestApprovalSettings = new AccessPackageAssignmentApprovalSettings
	{
		IsApprovalRequiredForAdd = false,
		IsApprovalRequiredForUpdate = false,
		Stages = new List<AccessPackageApprovalStage>()
		{
		}
	},
	AccessPackage = new AccessPackage
	{
		Id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
	}
};

await graphClient.IdentityGovernance.EntitlementManagement.AssignmentPolicies
	.Request()
	.AddAsync(accessPackageAssignmentPolicy);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const accessPackageAssignmentPolicy = {
  displayName: 'New Policy',
  description: 'policy for assignment',
  allowedTargetScope: 'notSpecified',
  specificAllowedTargets: [],
  expiration: {
      endDateTime: null,
      duration: null,
      type: 'noExpiration'
  },
  requestorSettings: {
      enableTargetsToSelfAddAccess: false,
      enableTargetsToSelfUpdateAccess: false,
      enableTargetsToSelfRemoveAccess: false,
      allowCustomAssignmentSchedule: true,
      enableOnBehalfRequestorsToAddAccess: false,
      enableOnBehalfRequestorsToUpdateAccess: false,
      enableOnBehalfRequestorsToRemoveAccess: false,
      onBehalfRequestors: []
  },
  requestApprovalSettings: {
      isApprovalRequiredForAdd: false,
      isApprovalRequiredForUpdate: false,
      stages: []
  },
  accessPackage: {
      id: 'a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b'
  }
};

await client.api('/identityGovernance/entitlementManagement/assignmentPolicies')
	.post(accessPackageAssignmentPolicy);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Java

GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

AccessPackageAssignmentPolicy accessPackageAssignmentPolicy = new AccessPackageAssignmentPolicy();
accessPackageAssignmentPolicy.displayName = "New Policy";
accessPackageAssignmentPolicy.description = "policy for assignment";
accessPackageAssignmentPolicy.allowedTargetScope = AllowedTargetScope.NOT_SPECIFIED;
LinkedList<SubjectSet> specificAllowedTargetsList = new LinkedList<SubjectSet>();
accessPackageAssignmentPolicy.specificAllowedTargets = specificAllowedTargetsList;
ExpirationPattern expiration = new ExpirationPattern();
expiration.endDateTime = OffsetDateTimeSerializer.deserialize("null");
expiration.duration = DatatypeFactory.newInstance().newDuration("null");
expiration.type = ExpirationPatternType.NO_EXPIRATION;
accessPackageAssignmentPolicy.expiration = expiration;
AccessPackageAssignmentRequestorSettings requestorSettings = new AccessPackageAssignmentRequestorSettings();
requestorSettings.enableTargetsToSelfAddAccess = false;
requestorSettings.enableTargetsToSelfUpdateAccess = false;
requestorSettings.enableTargetsToSelfRemoveAccess = false;
requestorSettings.allowCustomAssignmentSchedule = true;
requestorSettings.enableOnBehalfRequestorsToAddAccess = false;
requestorSettings.enableOnBehalfRequestorsToUpdateAccess = false;
requestorSettings.enableOnBehalfRequestorsToRemoveAccess = false;
LinkedList<SubjectSet> onBehalfRequestorsList = new LinkedList<SubjectSet>();
requestorSettings.onBehalfRequestors = onBehalfRequestorsList;
accessPackageAssignmentPolicy.requestorSettings = requestorSettings;
AccessPackageAssignmentApprovalSettings requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
requestApprovalSettings.isApprovalRequiredForAdd = false;
requestApprovalSettings.isApprovalRequiredForUpdate = false;
LinkedList<AccessPackageApprovalStage> stagesList = new LinkedList<AccessPackageApprovalStage>();
requestApprovalSettings.stages = stagesList;
accessPackageAssignmentPolicy.requestApprovalSettings = requestApprovalSettings;
AccessPackage accessPackage = new AccessPackage();
accessPackage.id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b";
accessPackageAssignmentPolicy.accessPackage = accessPackage;

graphClient.identityGovernance().entitlementManagement().assignmentPolicies()
	.buildRequest()
	.post(accessPackageAssignmentPolicy);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Go

//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClient(requestAdapter)

requestBody := graphmodels.NewAccessPackageAssignmentPolicy()
displayName := "New Policy"
requestBody.SetDisplayName(&displayName) 
description := "policy for assignment"
requestBody.SetDescription(&description) 
allowedTargetScope := graphmodels.NOTSPECIFIED_ALLOWEDTARGETSCOPE 
requestBody.SetAllowedTargetScope(&allowedTargetScope) 
specificAllowedTargets := []graphmodels.SubjectSetable {

}
requestBody.SetSpecificAllowedTargets(specificAllowedTargets)
expiration := graphmodels.NewExpirationPattern()
endDateTime := null
expiration.SetEndDateTime(&endDateTime) 
duration := null
expiration.SetDuration(&duration) 
type := graphmodels.NOEXPIRATION_EXPIRATIONPATTERNTYPE 
expiration.SetType(&type) 
requestBody.SetExpiration(expiration)
requestorSettings := graphmodels.NewAccessPackageAssignmentRequestorSettings()
enableTargetsToSelfAddAccess := false
requestorSettings.SetEnableTargetsToSelfAddAccess(&enableTargetsToSelfAddAccess) 
enableTargetsToSelfUpdateAccess := false
requestorSettings.SetEnableTargetsToSelfUpdateAccess(&enableTargetsToSelfUpdateAccess) 
enableTargetsToSelfRemoveAccess := false
requestorSettings.SetEnableTargetsToSelfRemoveAccess(&enableTargetsToSelfRemoveAccess) 
allowCustomAssignmentSchedule := true
requestorSettings.SetAllowCustomAssignmentSchedule(&allowCustomAssignmentSchedule) 
enableOnBehalfRequestorsToAddAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToAddAccess(&enableOnBehalfRequestorsToAddAccess) 
enableOnBehalfRequestorsToUpdateAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToUpdateAccess(&enableOnBehalfRequestorsToUpdateAccess) 
enableOnBehalfRequestorsToRemoveAccess := false
requestorSettings.SetEnableOnBehalfRequestorsToRemoveAccess(&enableOnBehalfRequestorsToRemoveAccess) 
onBehalfRequestors := []graphmodels.SubjectSetable {

}
requestorSettings.SetOnBehalfRequestors(onBehalfRequestors)
requestBody.SetRequestorSettings(requestorSettings)
requestApprovalSettings := graphmodels.NewAccessPackageAssignmentApprovalSettings()
isApprovalRequiredForAdd := false
requestApprovalSettings.SetIsApprovalRequiredForAdd(&isApprovalRequiredForAdd) 
isApprovalRequiredForUpdate := false
requestApprovalSettings.SetIsApprovalRequiredForUpdate(&isApprovalRequiredForUpdate) 
stages := []graphmodels.AccessPackageApprovalStageable {

}
requestApprovalSettings.SetStages(stages)
requestBody.SetRequestApprovalSettings(requestApprovalSettings)
accessPackage := graphmodels.NewAccessPackage()
id := "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
accessPackage.SetId(&id) 
requestBody.SetAccessPackage(accessPackage)

result, err := graphClient.IdentityGovernance().EntitlementManagement().AssignmentPolicies().Post(context.Background(), requestBody, nil)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PowerShell

Import-Module Microsoft.Graph.Identity.Governance

$params = @{
	DisplayName = "New Policy"
	Description = "policy for assignment"
	AllowedTargetScope = "notSpecified"
	SpecificAllowedTargets = @(
	)
	Expiration = @{
		EndDateTime = $null
		Duration = $null
		Type = "noExpiration"
	}
	RequestorSettings = @{
		EnableTargetsToSelfAddAccess = $false
		EnableTargetsToSelfUpdateAccess = $false
		EnableTargetsToSelfRemoveAccess = $false
		AllowCustomAssignmentSchedule = $true
		EnableOnBehalfRequestorsToAddAccess = $false
		EnableOnBehalfRequestorsToUpdateAccess = $false
		EnableOnBehalfRequestorsToRemoveAccess = $false
		OnBehalfRequestors = @(
		)
	}
	RequestApprovalSettings = @{
		IsApprovalRequiredForAdd = $false
		IsApprovalRequiredForUpdate = $false
		Stages = @(
		)
	}
	AccessPackage = @{
		Id = "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
	}
}

New-MgEntitlementManagementAssignmentPolicy -BodyParameter $params

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PHP

<?php

// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);

$requestBody = new AccessPackageAssignmentPolicy();
$requestBody->setDisplayName('New Policy');

$requestBody->setDescription('policy for assignment');

$requestBody->setAllowedTargetScope(new AllowedTargetScope('notspecified'));

$requestBody->setSpecificAllowedTargets([]);

$expiration = new ExpirationPattern();
$Expiration->setEndDateTime(null);

$Expiration->setDuration(null);

$expiration->setType(new ExpirationPatternType('noexpiration'));


$requestBody->setExpiration($expiration);
$requestorSettings = new AccessPackageAssignmentRequestorSettings();
$requestorSettings->setEnableTargetsToSelfAddAccess(false);

$requestorSettings->setEnableTargetsToSelfUpdateAccess(false);

$requestorSettings->setEnableTargetsToSelfRemoveAccess(false);

$requestorSettings->setAllowCustomAssignmentSchedule(true);

$requestorSettings->setEnableOnBehalfRequestorsToAddAccess(false);

$requestorSettings->setEnableOnBehalfRequestorsToUpdateAccess(false);

$requestorSettings->setEnableOnBehalfRequestorsToRemoveAccess(false);

$requestorSettings->setOnBehalfRequestors([]);


$requestBody->setRequestorSettings($requestorSettings);
$requestApprovalSettings = new AccessPackageAssignmentApprovalSettings();
$requestApprovalSettings->setIsApprovalRequiredForAdd(false);

$requestApprovalSettings->setIsApprovalRequiredForUpdate(false);

$requestApprovalSettings->setStages([]);


$requestBody->setRequestApprovalSettings($requestApprovalSettings);
$accessPackage = new AccessPackage();
$accessPackage->setId('a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b');


$requestBody->setAccessPackage($accessPackage);


$requestResult = $graphServiceClient->identityGovernance()->entitlementManagement()->assignmentPolicies()->post($requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-Type: application/json

{
  "id": "87e1c7f7-c7f7-87e1-f7c7-e187f7c7e187",
  "displayName": "New policy",
  "description": "policy for assignment"
}

Example 2: Create a policy for users from other organizations to request

The following example shows a more complex policy with two stages of approval and recurring access reviews.

Request

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json

{
    "displayName": "policy for external access requests",
    "description": "policy for users from connected organizations to request access, with two stages of approval.",
    "allowedTargetScope": "allConfiguredConnectedOrganizationUsers",
    "specificAllowedTargets": [],
    "expiration": {
        "type": "noExpiration"
    },
    "requestorSettings": {
        "enableTargetsToSelfAddAccess": true,
        "enableTargetsToSelfUpdateAccess": true,
        "enableTargetsToSelfRemoveAccess": true,
        "allowCustomAssignmentSchedule": false,
        "enableOnBehalfRequestorsToAddAccess": false,
        "enableOnBehalfRequestorsToUpdateAccess": false,
        "enableOnBehalfRequestorsToRemoveAccess": false,
        "onBehalfRequestors": []
    },
    "requestApprovalSettings": {
        "isApprovalRequiredForAdd": true,
        "isApprovalRequiredForUpdate": false,
        "stages": [
            {
                "durationBeforeAutomaticDenial": "P14D",
                "isApproverJustificationRequired": false,
                "isEscalationEnabled": false,
                "durationBeforeEscalation": "PT0S",
                "primaryApprovers": [
                    {
                        "@odata.type": "#microsoft.graph.internalSponsors"
                    }
                ],
                "fallbackPrimaryApprovers": [
                    {
                        "@odata.type": "#microsoft.graph.singleUser",
                        "userId": "7deff43e-1f17-44ef-9e5f-d516b0ba11d4"
                    },
                    {
                        "@odata.type": "#microsoft.graph.groupMembers",
                        "groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
                    }
                ],
                "escalationApprovers": [],
                "fallbackEscalationApprovers": []
            },
            {
                "durationBeforeAutomaticDenial": "P14D",
                "isApproverJustificationRequired": false,
                "isEscalationEnabled": false,
                "durationBeforeEscalation": "PT0S",
                "primaryApprovers": [],
                "fallbackPrimaryApprovers": [
                    {
                        "@odata.type": "#microsoft.graph.singleUser",
                        "userId": "46184453-e63b-4f20-86c2-c557ed5d5df9"
                    },
                    {
                        "@odata.type": "#microsoft.graph.groupMembers",
                        "groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
                    }
                ],
                "escalationApprovers": [],
                "fallbackEscalationApprovers": []
            }
        ]
    },
    "reviewSettings": {
        "isEnabled": true,
        "expirationBehavior": "keepAccess",
        "isRecommendationEnabled": true,
        "isReviewerJustificationRequired": true,
        "isSelfReview": false,
        "schedule": {
            "startDateTime": "2022-07-02T06:59:59.998Z",
            "expiration": {
                "duration": "P14D",
                "type": "afterDuration"
            },
            "recurrence": {
                "pattern": {
                    "type": "absoluteMonthly",
                    "interval": 3,
                    "month": 0,
                    "dayOfMonth": 0,
                    "daysOfWeek": []
                },
                "range": {
                    "type": "noEnd",
                    "numberOfOccurrences": 0
                }
            }
        },
        "primaryReviewers": [
            {
                "@odata.type": "#microsoft.graph.groupMembers",
                "groupId": "1623f912-5e86-41c2-af47-39dd67582b66"
            }
        ],
        "fallbackReviewers": []
    },
    "accessPackage": {
        "id": "a2e1ca1e-4e56-47d2-9daa-e2ba8d12a82b"
    }
}

Response

Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-Type: application/json

{
  "id": "9d8f2361-39be-482e-b267-34ad6baef4d3",
    "displayName": "policy for external access requests",
    "description": "policy for users from connected organizations to request access, with two stages of approval."
}

Example 3: Create a policy that automatically creates assignments based on a membership rule

The following example shows a policy that automatically creates assignments for users in the sales department.

Request

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json

{
    "displayName": "Sales department users",
    "description": "All users from sales department",
    "allowedTargetScope": "specificDirectoryUsers",
    "specificAllowedTargets": [
        {
            "@odata.type": "#microsoft.graph.attributeRuleMembers",
            "description": "Membership rule for all users from sales department",
            "membershipRule": "(user.department -eq \"Sales\")"
        }
    ],
    "automaticRequestSettings": {
        "requestAccessForAllowedTargets": true
    },
    "accessPackage": {
        "id": "8a36831e-1527-4b2b-aff2-81259a8d8e76"
    }
}

Response

Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-Type: application/json

{
    "id": "962493bb-be02-4aeb-a233-a205bbfe1d8d",
    "displayName": "Sales department users",
    "description": "All users from sales department"
}

Example 4: Create a policy where requestors are asked to answer questions while requesting access to provide additional information to approvers.

The following example shows a policy that automatically creates assignments for users in the sales department.

Request

POST https://graph.microsoft.com/v1.0/identityGovernance/entitlementManagement/assignmentPolicies
Content-Type: application/json

{
    "displayName": "A Policy With Questions",
    "description": "",
    "allowedTargetScope": "allMemberUsers",
    "expiration": {
        "type": "noExpiration"
    },
    "requestorSettings": {
        "enableTargetsToSelfAddAccess": "true",
        "enableTargetsToSelfUpdateAccess": "true",
        "enableTargetsToSelfRemoveAccess": "true"
    },
    "requestApprovalSettings": {
        "isApprovalRequiredForAdd": "true",
        "isApprovalRequiredForUpdate": "true",
        "stages": [
            {
                "durationBeforeAutomaticDenial": "P7D",
                "isApproverJustificationRequired": "false",
                "isEscalationEnabled": "false",
                "fallbackPrimaryApprovers": [],
                "escalationApprovers": [],
                "fallbackEscalationApprovers": [],
                "primaryApprovers": [
                    {
                        "@odata.type": "#microsoft.graph.singleUser",
                        "userId": "08a551cb-575a-4343-b914-f6e42798bd20"
                    }
                ]
            }
        ]
    },
    "questions": [
        {
            "@odata.type": "#microsoft.graph.accessPackageMultipleChoiceQuestion",
            "sequence": "1",
            "isRequired": "true",
            "isAnswerEditable": "true",
            "text": "What country are you working from?",
            "isMultipleSelectionAllowed": "false",
            "choices": [
                {
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",
                    "actualValue": "KE",
                    "text": "Kenya"
                },
                {
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",
                    "actualValue": "US",
                    "text": "United States"
                },
                {
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",
                    "actualValue": "GY",
                    "text": "Guyana"
                },
                {
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",
                    "actualValue": "BD",
                    "text": "Bangladesh"
                },
                {
                    "@odata.type": "microsoft.graph.accessPackageAnswerChoice",
                    "actualValue": "JP",
                    "text": "Japan"
                }
            ]
        },
        {
            "@odata.type": "#microsoft.graph.accessPackageTextInputQuestion",
            "sequence": "2",
            "isRequired": "true",
            "isAnswerEditable": "true",
            "text": "What do you do for work?",
            "localizations": [
                {
                    "languageCode": "fr-CA",
                    "text": "Que fais-tu comme travail?"
                }
            ],
            "isSingleLineQuestion": "false",
            "regexPattern": "[a-zA-Z]+[a-zA-Z\\s]*"
        }
    ],
    "accessPackage": {
        "id": "977c7ff4-ef8f-4910-9d31-49048ddf3120"
    }
}

Response

Note: The response object shown here might be shortened for readability.

HTTP/1.1 201 Created
Content-Type: application/json

{
    "id": "24e5711e-92f0-41e2-912d-9f4e005f36cc",
    "displayName": "A Policy With Questions",
    "allowedTargetScope": "allMemberUsers",
    "createdDateTime": "2022-09-30T20:32:07.1949218Z",
    "modifiedDateTime": "2022-09-30T20:32:07.4173893Z",
}