Specify GITHUB_TOKEN enterprise behaviour for new Orgs/Enterprises (#55110)

Co-authored-by: Sophie <[email protected]>

Author: GhadimiR

content/admin/enforcing-policies/enforcing-policies-for-your-enterprise/enforcing-policies-for-github-actions-in-your-enterprise.md

@@ -161,7 +161,11 @@ If a policy is enabled for an enterprise, the policy can be selectively disabled
 
 In the "Workflow permissions" section, you can set the **default** permissions granted to the `GITHUB_TOKEN`.
 
-* **Read and write permissions:** By default, `GITHUB_TOKEN` has read and write access for all scopes.
+* **Read and write permissions:** The default permissions for the `GITHUB_TOKEN` depend on when the enterprise or organization was created:
+
+  * **Created on or after February 2, 2023** – Defaults to **read-only** access for all scopes.
+  * **Created before February 2, 2023** – Defaults to **read and write** access for all scopes.
+
 * **Read repository contents and packages permissions:** By default, `GITHUB_TOKEN` has only read access for the `contents` and `packages` scopes. The more permissive setting cannot be chosen as the default for individual organizations or repositories.
 
 Anyone with write access to a repository can still modify the permissions granted to the `GITHUB_TOKEN` for a specific workflow, by editing the `permissions` key in the workflow file.