Table of contents
TOC
Collapse the table of content
Expand the table of content

AppLocker CSP

Last Updated: 1/24/2017

The AppLocker configuration service provider is used to specify which applications are allowed or disallowed. There is no user interface shown for apps that are blocked.

Note
When you create a list of allowed apps, all inbox apps are also blocked, and you must include them in your list of allowed apps. Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need.

In Windows 10 Mobile, when you create a list of allowed apps, the settings app that rely on splash apps are blocked. To unblock these apps, you must include them in your list of allowed apps.

Delete/unenrollment is not properly supported unless Grouping values are unique across enrollments. If multiple enrollments use the same Grouping value, then unenrollment will not work as expected since there are duplicate URIs that get deleted by the resource manager. To prevent this problem, the Grouping value should include some randomness. The best practice is to use a randomly generated GUID. However, there is no requirement on the exact value of the node.

The following diagram shows the AppLocker configuration service provider in tree format.

applocker csp

./Vendor/MSFT/AppLocker
Defines the root node for the AppLocker configuration service provider.

ApplicationLaunchRestrictions
Defines restrictions for applications.

Note
When you create a list of allowed apps, all inbox apps are also blocked, and you must include them in your list of allowed apps. Don't forget to add the inbox apps for Phone, Messaging, Settings, Start, Email and accounts, Work and school, and other apps that you need.

In Windows 10 Mobile, when you create a list of allowed apps, the settings app that rely on splash apps are blocked. To unblock these apps, you must include them in your list of allowed apps.

Additional information:

EnterpriseDataProtection
Captures the list of apps that are allowed to handle enterprise data. Should be used in conjunction with the settings in ./Device/Vendor/MSFT/EnterpriseDataProtection in EnterpriseDataProtection CSP.

In Windows 10, version 1607 the Windows Information Protection has a concept for allowed and exempt applications. Allowed applications can access enterprise data and the data handled by those applications are protected with encryption. Exempt applications can also access enterprise data, but the data handled by those applications are not protected. This is because some critical enterprise applications may have compatibility problems with encrypted data.

You can set the allowed list using the following URI:

  • ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping/EXE/Policy
  • ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping/StoreApps/Policy

You can set the exempt list using the following URI. The Grouping string must contain the keyword "EdpExempt" anywhere to help distinguish the exempt list from the allowed list. The "EdpExempt" keyword is also evaluated in a case-insensitive manner:

  • ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping includes "EdpExempt"/EXE/Policy
  • ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Grouping includes "EdpExempt"/StoreApps/Policy

Exempt examples:

  • ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/ContosoEdpExempt/EXE/Policy
  • ./Vendor/MSFT/AppLocker/EnterpriseDataProtection/xxxxxEdpExemptxxxxx/EXE/Policy

Additional information:

  • Recommended deny list for Windows Information Protection - example for Windows 10, version 1607 that denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.

Each of the previously listed nodes contains a Grouping node.

TermDescription

Grouping

Grouping nodes are dynamic nodes, and there may be any number of them for a given enrollment (or a given context). The actual identifiers are selected by the management endpoint, whose job it is to determine what their purpose is, and to not conflict with other identifiers that they define.

Different enrollments and contexts may use the same Authority identifier, even if many such identifiers are active at the same time.

Supported operations are Get, Add, Delete, and Replace.

In addition, each Grouping node contains one or more of the following nodes:

TermDescription

EXE

Defines restrictions for launching executable applications.

Supported operations are Get, Add, Delete, and Replace.

MSI

Defines restrictions for executing Windows Installer files.

Supported operations are Get, Add, Delete, and Replace.

Script

Defines restrictions for running scripts.

Supported operations are Get, Add, Delete, and Replace.

StoreApps

Defines restrictions for running apps from the Windows Store.

Supported operations are Get, Add, Delete, and Replace.

DLL

Defines restrictions for processing DLL files.

Supported operations are Get, Add, Delete, and Replace.

CodeIntegrity

This node is only supported on the desktop. Supported operations are Get, Add, Delete, and Replace.

Each of the previous nodes contains one or more of the following leaf nodes:

TermDescription

Policy

Policy nodes define the policy for launching executables, Windows Installer files, scripts, store apps, and DLL files. The contents of a given Policy node is precisely the XML format for a RuleCollection node in the corresponding AppLocker XML policy.

Policy nodes are a Base64-encoded blob of the binary policy representation. The binary policy may be signed or unsigned.

For CodeIntegrity/Policy, you can use the certutil -encode command line tool to encode the data to base-64.

Data type is string. Supported operations are Get, Add, Delete, and Replace.

EnforcementMode

The EnforcementMode node for Windows Information Protection (formerly known as Enterprise Data Protection) does not affect the behavior of EnterpriseDataProtection. The EDPEnforcementLevel from Policy CSP should be used to enable and disable Windows Information Protection (formerly known as Enterprise Data Protection).

The data type is a string. Supported operations are Get, Add, Delete, and Replace.

NonInteractiveProcessEnforcement

The data type is a string.

Supported operations are Add, Delete, Get, and Replace.

Find publisher and product name of apps

You can pair a Windows Phone (Windows 10 Mobile, version 1511) to your desktop using the Device Portal on the phone to get the various types of information, including publisher name and product name of apps installed on the phone. This procedure describes pairing your phone to your desktop using WiFi.

If this procedure does not work for you, try the other methods for pairing described in Device Portal for Mobile.

To find Publisher and PackageFullName for apps installed on Windows 10 Mobile

  1. On your Windows Phone, go to Settings. Choose Update & security. Then choose For developers.
  2. Choose Developer mode.
  3. Turn on Device discovery.
  4. Turn on Device Portal and keep AuthenticationOn.
  5. Under the Device Portal, under Connect using: WiFi, copy the URL to your desktop browser to connect using WiFi.

    If you get a certificate error, continue to the web page.

    If you get an error about not reaching the web page, then you should try the other methods for pairing described in Device Portal for Mobile.

  6. On your phone under Device discovery, tap Pair. You will get a code (case sensitive).

  7. On the browser on the Set up access page, enter the code (case sensitive) into the text box and click Submit.

    The Device Portal page opens on your browser.

    device portal screenshot

  8. On the desktop Device Portal page, click Apps to open the App Manager.

  9. On the App Manager page under Running apps, you will see the Publisher and PackageFullName of apps.

    device portal app manager

  10. If you do not see the app that you want, look under Installed apps. Using the drop down menu, click on the application and you get the Version, Publisher, and PackageFullName displayed.

    app manager

The following table show the mapping of information to the AppLocker publisher rule field.

Device portal dataAppLocker publisher rule field

PackageFullName

ProductName

The product name is first part of the PackageFullName followed by the version number. In the Windows Camera example, the ProductName is Microsoft.WindowsCamera.

Publisher

Publisher

Version

Version

This can be used either in the HighSection or LowSection of the BinaryVersionRange.

HighSection defines the highest version number and LowSection defines the lowest version number that should be trusted. You can use a wildcard for both versions to make a version independent rule. Using a wildcard for one of the values will provide higher than or lower than a specific version semantics.

Here is an example AppLocker publisher rule:

FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Reader" BinaryName="*">
  <BinaryVersionRange LowSection="*" HighSection="*" /> 
  </FilePublisherCondition>

You can get the publisher name and product name of apps using a web API.

To find publisher and product name for Microsoft apps in Windows Store for Business

  1. Go to the Windows Store for Business website, and find your app. For example, Microsoft OneNote.
  2. Copy the ID value from the app URL. For example, Microsoft OneNote's ID URL is https:<\span>//www.microsoft.com/store/apps/onenote/9wzdncrfhvjl, and you'd copy the ID value, 9wzdncrfhvjl.
  3. In your browser, run the Store for Business portal web API, to return a JavaScript Object Notation (JSON) file that includes the publisher and product name values.

    Request URI

    https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/{app ID}/applockerdata

Here is the example for Microsoft OneNote:

Request

``` syntax
https://bspmts.mp.microsoft.com/v1/public/catalog/Retail/Products/9wzdncrfhvjl/applockerdata
```

Result

``` syntax
{
  "packageFamilyName": "Microsoft.Office.OneNote_8wekyb3d8bbwe",
  "packageIdentityName": "Microsoft.Office.OneNote",
  "windowsPhoneLegacyId": "ca05b3ab-f157-450c-8c49-a1f127f5e71d",
  "publisherCertificateName": "CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"
}
```
Result dataAppLocker publisher rule field

packageIdentityName

ProductName

publisherCertificateName

Publisher

windowsPhoneLegacyId

Same value maps to the ProductName and Publisher name

This value will only be present if there is a XAP package associated with the app in the Store.

If this value is populated then the simple thing to do to cover both the AppX and XAP package would be to create two rules for the app. One rule for AppX using the packageIdentityName and publisherCertificateName value and anothe one using the windowsPhoneLegacyId value.

Settings apps that rely on splash apps

When you create a list of allowed apps in Windows 10 Mobile, you must also include the subset of Settings apps that rely on splash apps in your list of allowed apps. These apps are blocked unless they are explicitly added to the list of allowed apps. The following table shows the subset of Settings apps that rely on splash apps .

The product name is first part of the PackageFullName followed by the version number.

Settings app namePackageFullName or Product nameProductID
Work or school accountMicrosoft.AAD.BrokerPlugine5f8b2c4-75ae-45ee-9be8-212e34f77747
Email and accountsMicrosoft.AccountsControl39cf127b-8c67-c149-539a-c02271d07060
SettingsPageKeyboard5b04b775-356b-4aa0-aaf8-6491ffea5608_1.1.0.0_neutral__cw8ffb7c56vgc5b04b775-356b-4aa0-aaf8-6491ffea5608
SettingsPageTimeRegion5b04b775-356b-4aa0-aaf8-6491ffea560c_1.0.0.0_neutral__gqhq4qhgje4fw5b04b775-356b-4aa0-aaf8-6491ffea560c
SettingsPagePCSystemBluetooth5b04b775-356b-4aa0-aaf8-6491ffea5620_1.0.0.0_neutral__nvaj48k0z8te85b04b775-356b-4aa0-aaf8-6491ffea5620
SettingsPageNetworkAirplaneMode5b04b775-356b-4aa0-aaf8-6491ffea5621_1.0.0.0_neutral__f73kmnfsk0aj25b04b775-356b-4aa0-aaf8-6491ffea5621
SettingsPageNetworkWiFi5b04b775-356b-4aa0-aaf8-6491ffea5623_1.0.0.0_neutral__a3jhh70a240gm5b04b775-356b-4aa0-aaf8-6491ffea5623
SettingsPageNetworkInternetSharing5b04b775-356b-4aa0-aaf8-6491ffea5629_1.0.0.0_neutral__yqcw9dmx6t3pe5b04b775-356b-4aa0-aaf8-6491ffea5629
SettingsPageAccountsWorkplace5b04b775-356b-4aa0-aaf8-6491ffea562a_1.0.0.0_neutral__q1wjbr14bc3d05b04b775-356b-4aa0-aaf8-6491ffea562a
SettingsPageRestoreUpdate5b04b775-356b-4aa0-aaf8-6491ffea5640_1.0.0.0_neutral__j77gbj5kz730y5b04b775-356b-4aa0-aaf8-6491ffea5640
SettingsPageKidsCorner5b04b775-356b-4aa0-aaf8-6491ffea5802_1.0.0.0_neutral__1wmss2z3sft8c5b04b775-356b-4aa0-aaf8-6491ffea5802
SettingsPageDrivingMode5b04b775-356b-4aa0-aaf8-6491ffea5804_1.0.0.0_neutral__t553967svy34g5b04b775-356b-4aa0-aaf8-6491ffea5804
SettingsPageTimeLanguage5b04b775-356b-4aa0-aaf8-6491ffea5808_1.0.0.0_neutral__ecxasj38g8ynw5b04b775-356b-4aa0-aaf8-6491ffea5808
SettingsPageAppsCorner5b04b775-356b-4aa0-aaf8-6491ffea580a_1.0.0.0_neutral__4vefaa8deck745b04b775-356b-4aa0-aaf8-6491ffea580a
SettingsPagePhoneNfcb0894dfd-4671-4bb9-bc17-a8b39947ffb6_1.0.0.0_neutral__1prqnbg33c1tjb0894dfd-4671-4bb9-bc17-a8b39947ffb6

Inbox apps and components

The following list shows the apps that may be included in the inbox.

Note This list identifies system apps that ship as part of Windows that you can add to your AppLocker policy to ensure proper functioning of the operating system. If you decide to block some of these apps, we recommend a thorough testing before deploying to your production environment. Failure to do so may result in unexpected failures and can significantly degrade the user experience.

AppProduct IDProduct name
Advanced infob6e3e590-9fa5-40c0-86ac-ef475de98e88b6e3e590-9fa5-40c0-86ac-ef475de98e88
Age out worker09296e27-c9f3-4ab9-aa76-ecc4497d94bb
Alarms and clock44f7d2b4-553d-4bec-a8b7-634ce897ed5fMicrosoft.WindowsAlarms
App downloads20bf77a0-19c7-4daa-8db5-bc3dfdfa44ac
Assigned access lock appb84f4722-313e-4f85-8f41-cf5417c9c5cb
Bing lock images5f28c179-2780-41df-b966-27807b8de02c
Block and filter59553c14-5701-49a2-9909-264d034deb3d
Calculatorb58171c6-c70c-4266-a2e8-8f9c994f4456Microsoft.WindowsCalculator
Cameraf0d8fefd-31cd-43a1-a45a-d0276db069f1Microsoft.WindowsCamera
CertInstaller4c4ad968-7100-49de-8cd1-402e198d869e
Colour profileb08997ca-60ab-4dce-b088-f92e9c7994f3
Connectaf7d2801-56c0-4eb1-824b-dd91cdf7ece5Microsoft.DevicesFlow
Contact Support0db5fcff-4544-458a-b320-e352dfd9ca2bWindows.ContactSupport
Cortanafd68dcf4-166f-4c55-a4ca-348020f71b94Microsoft.Windows.Cortana
Email and accounts39cf127b-8c67-c149-539a-c02271d07060Microsoft.AccountsControl
Enterprise install appda52fa01-ac0f-479d-957f-bfe4595941cb
Equalizer373cb76e-7f6c-45aa-8633-b00e85c73261
Excelead3e7c0-fae6-4603-8699-6a448138f4dcMicrosoft.Office.Excel
Facebook82a23635-5bd9-df11-a844-00237de2db9eMicrosoft.MSFacebook
Field Medic73c58570-d5a7-46f8-b1b2-2a90024fc29c
File Explorerc5e2524a-ea46-4f67-841f-6a9465d9d515c5e2524a-ea46-4f67-841f-6a9465d9d515
FM Radiof725010e-455d-4c09-ac48-bcdef0d4b626f725010e-455d-4c09-ac48-bcdef0d4b626
Get Startedb3726308-3d74-4a14-a84c-867c8c735c3cMicrosoft.Getstarted
Glance106e0a97-8b19-42cf-8879-a8ed2598fcbb
Groove Musicd2b6a184-da39-4c9a-9e0a-8b589b03dec0Microsoft.ZuneMusic
Hands-Free Activationdf6c9621-e873-4e86-bb56-93e9f21b1d6f
Hands-Free Activation72803bd5-4f36-41a4-a349-e83e027c4722
HAP update background worker73c73cdd-4dea-462c-bd83-fa983056a4ef
Lumia motion data8fc25fd2-4e2e-4873-be44-20e57f6ec52b
Mapsed27a07e-af57-416b-bc0c-2596b622ef7dMicrosoft.WindowsMaps
Messaging27e26f40-e031-48a6-b130-d1f20388991aMicrosoft.Messaging
Microsoft account3a4fae89-7b7e-44b4-867b-f7e2772b8253Microsoft.CloudExperienceHost
Microsoft Edge395589fb-5884-4709-b9df-f7d558663ffdMicrosoft.MicrosoftEdge
Microsoft FrameworksProductID = 00000000-0000-0000-0000-000000000000

PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"

MiracastView906beeda-b7e6-4ddc-ba8d-ad5031223ef9906beeda-b7e6-4ddc-ba8d-ad5031223ef9
Money1e0440f1-7abf-4b9a-863d-177970eefb5eMicrosoft.BingFinance
Movies and TV6affe59e-0467-4701-851f-7ac026e21665Microsoft.ZuneVideo
Music downloads3da8a0c1-f7e5-47c0-a680-be8fd013f747
Navigation bar2cd23676-8f68-4d07-8dd2-e693d4b01279
Network services62f172d1-f552-4749-871c-2afd1c95c245
News9c3e8cad-6702-4842-8f61-b8b33cc9caf1Microsoft.BingNews
OneDrivead543082-80ec-45bb-aa02-ffe7f4182ba8Microsoft.MicrosoftSkydrive
OneNoteca05b3ab-f157-450c-8c49-a1f127f5e71dMicrosoft.Office.OneNote
Outlook Calendar and Maila558feba-85d7-4665-b5d8-a2ff9c19799bMicrosoft.WindowsCommunicationsApps
People60be1fb8-3291-4b21-bd39-2221ab166481Microsoft.People
Phone5b04b775-356b-4aa0-aaf8-6491ffea56115b04b775-356b-4aa0-aaf8-6491ffea5611
Phone (dialer)f41b5d0e-ee94-4f47-9cfe-3d3934c5a2c7Microsoft.CommsPhone
Phone reset dialog2864278d-09b5-46f7-b502-1c24139ecbdd
Photosfca55e1b-b9a4-4289-882f-084ef4145005Microsoft.Windows.Photos
Podcastsc3215724-b279-4206-8c3e-61d1a9d63ed3Microsoft.MSPodcast
Posdcast downloads063773e7-f26f-4a92-81f0-aa71a1161e30
Powerpointb50483c4-8046-4e1b-81ba-590b24935798Microsoft.Office.PowerPoint
PrintDialog0d32eeb1-32f0-40da-8558-cea6fcbec4a4Microsoft.PrintDialog
Purchase dialogc60e79ca-063b-4e5d-9177-1309357b2c3f
Rate your deviceaec3bfad-e38c-4994-9c32-50bd030730ec
RingtoneApp.WindowsPhone3e962450-486b-406b-abb5-d38b4ee7e6feMicrosoft.Tonepicker
Save ringtoned8cf8ec7-ec6d-4892-aab9-1e3a4b5fa24b
Settings2a4e62d8-8809-4787-89f8-69d0f01654fb2a4e62d8-8809-4787-89f8-69d0f01654fb
Setup wizard07d87655-e4f0-474b-895a-773790ad4a32
Sharingb0894dfd-4671-4bb9-bc17-a8b39947ffb6
Skypec3f8e570-68b3-4d6a-bdbb-c0a3f4360a51Microsoft.SkypeApp
Skype Video27e26f40-e031-48a6-b130-d1f20388991aMicrosoft.Messaging
Sports0f4c8c7e-7114-4e1e-a84c-50664db13b17Microsoft.BingSports
SSMHoste232aa77-2b6d-442c-b0c3-f3bb9788af2a
Start5b04b775-356b-4aa0-aaf8-6491ffea56025b04b775-356b-4aa0-aaf8-6491ffea5602
Storage5b04b775-356b-4aa0-aaf8-6491ffea564d5b04b775-356b-4aa0-aaf8-6491ffea564d
Store7d47d89a-7900-47c5-93f2-46eb6d94c159Microsoft.WindowsStore
Touch (gestures and touch)bbc57c87-46af-4c2c-824e-ac8104cceb38
Voice recorder7311b9c5-a4e9-4c74-bc3c-55b06ba95ad0Microsoft.WindowsSoundRecorder
Wallet587a4577-7868-4745-a29e-f996203f1462Microsoft.MicrosoftWallet
Weather63c2a117-8604-44e7-8cef-df10be3a57c8Microsoft.BingWeather
Windows default lock screencdd63e31-9307-4ccb-ab62-1ffa5721b503
Windows Feedback7604089d-d13f-4a2d-9998-33fc02b63ce3Microsoft.WindowsFeedback
Word258f115c-48f4-4adb-9a68-1387e634459bMicrosoft.Office.Word
Work or school accounte5f8b2c4-75ae-45ee-9be8-212e34f77747Microsoft.AAD.BrokerPlugin
Xboxb806836f-eebe-41c9-8669-19e243b81b83Microsoft.XboxApp
Xbox identity providerba88225b-059a-45a2-a8eb-d3580283e49dMicrosoft.XboxIdentityProvider

Whitelist example

The following example for Windows 10 Mobile denies all apps and allows the following apps:

In this example, MobileGroup0 is the node name. We recommend using a GUID for this node.

<?xml version="1.0" encoding="utf-8"?>
<SyncML>
  <SyncBody>
    <Add>
      <CmdID>1</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/MobileGroup0</LocURI>
        </Target>
      </Item>
    </Add>
    <Add>
      <CmdID>2</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/MobileGroup0/StoreApps</LocURI>
        </Target>
      </Item>
    </Add>
    <Replace>
      <CmdID>3</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/AppLocker/ApplicationLaunchRestrictions/MobileGroup0/StoreApps/Policy</LocURI>
        </Target>
        <Meta>
          <Format xmlns="syncml:metinf">chr</Format>
        </Meta>
        <Data>
&lt;RuleCollection Type="Appx" EnforcementMode="Enabled"&gt;

    &lt;FilePublisherRule Id="172B8ACE-AAF5-41FA-941A-93AEE126B4A9" Name="Default Rule to Deny ALL" Description="Deny all publisher" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="CN=*" ProductName="*" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="DDCD112F-E003-4874-8B3E-14CB23851D54" Name="Whitelist Settings splash app" Description="Allow Admins to run Settings." UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="2A4E62D8-8809-4787-89F8-69D0F01654FB" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="757D94A8-C752-4013-9896-D46EF10925E9" Name="Whitelist Settings WorkOrSchool" Description="Allow Admins to run WorkOrSchool" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA562A" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="473BCE1A-94D2-4AE1-8CB1-064B0677CACB" Name="Whitelist WorkPlace AAD BrokerPlugin" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.AAD.BrokerPlugin" BinaryName="*" &gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="E13EA64B-B0D3-4257-87F4-1B522D06EA03" Name="Whitelist Start" Description="Allow Admins to run Start." UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5602" BinaryName="*" &gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="2898C4B2-4B37-4BFF-8F7B-16B377EDEA88" Name="Whitelist SettingsPageKeyboard" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5608" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="15BBA04F-3989-4FF7-9FEF-83C4DFDABA27" Name="Whitelist SettingsPageTimeRegion" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea560c" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="C3735CB1-060D-4D40-9708-6D33B98A7A2D" Name="Whitelist SettingsPagePCSystemBluetooth" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5620" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="AFACF5A3-2974-41EE-A31A-1486F593C145" Name="Whitelist SettingsPageNetworkAirplaneMode" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5621" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="7B02A339-9E77-4694-AF86-119265138129" Name="Whitelist SettingsPageNetworkWiFi" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5623" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="F912172F-9D83-46F5-8D6C-BA7AB17063BE" Name="Whitelist SettingsPageNetworkInternetSharing" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5629" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="67AE8001-4E49-442A-AD72-F837129ABF63" Name="Whitelist SettingsPageRestoreUpdate" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5640" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="7B65BCB2-4B1D-42B6-921B-B87F1474BDC5" Name="Whitelist SettingsPageKidsCorner" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5802" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="3964A53B-E131-4ED6-88DA-71FBDBE4E232" Name="Whitelist SettingsPageDrivingMode" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5804" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="99C4CD58-51A2-429A-B479-976ADB4EA757" Name="Whitelist SettingsPageTimeLanguage" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea5808" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="EBA3BCBE-4651-48CE-8F94-C5AC5D8F72FB" Name="Whitelist SettingsPageAppsCorner" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="5b04b775-356b-4aa0-aaf8-6491ffea580a" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="E16EABCC-46E7-4AB3-9F48-67FFF941BBDC" Name="Whitelist SettingsPagePhoneNfc" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="*" ProductName="b0894dfd-4671-4bb9-bc17-a8b39947ffb6" BinaryName="*"&gt;
                &lt;BinaryVersionRange LowSection="*" HighSection="*"/&gt;
            &lt;/FilePublisherCondition&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="1F4C3904-9976-4FEE-A492-5708F14EABA5" Name="Whitelist MSA Cloud Experience Host" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.CloudExperienceHost" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="AA741A28-7C02-49A5-AA5C-35D53FB8A9DC" Name="Whitelist Email and Accounts" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.AccountsControl" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="863BE063-D134-4C5C-9825-9DF9A86B6B56" Name="Whitelist Calculator" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCalculator" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="1DA2F479-3D1D-4425-9FFA-D4E6908F945A" Name="Whitelist Alarms and  Clock" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsAlarms" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="18E12372-21C6-4DA5-970E-0A58739D7151" Name="Whitelist People" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.People" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="FD686D83-A829-4351-8FF4-27C7DE5755D2" Name="Whitelist Camera" Description="Allow Admins to run camera." UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsCamera" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="16875F70-1778-43CC-96BB-783C9A8E53D5" Name="Whitelist WindowsMaps" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsMaps" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="D21D6F9D-CFF6-4AD1-867A-2411CE6A388D" Name="Whitelist FileExplorer" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="c5e2524a-ea46-4f67-841f-6a9465d9d515" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="450B6D7E-1738-41C9-9241-466C3FA4AB0C" Name="Whitelist FM Radio" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="*" ProductName="F725010E-455D-4C09-AC48-BCDEF0D4B626" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="37F4272C-F4A0-4AB8-9B5F-C9194A0EC6F3" Name="Whitelist Microsoft Edge" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftEdge" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="253D3AEA-36C0-4877-B932-9E9C9493F3F3" Name="Whitelist Movies" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneVideo" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="9A73E081-01D1-4BFD-ADF4-5C29AD4031F7" Name="Whitelist Money" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingFinance" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="EE4BF66C-EBF0-4565-982C-922FFDCB2E6D" Name="Whitelist News" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingNews" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="D78E6A9D-10F8-4C23-B620-40B01B60E5EA" Name="Whitelist Onedrive" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="*" ProductName="AD543082-80EC-45BB-AA02-FFE7F4182BA8" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="0012F35E-C242-47FF-A573-3DA06AF7E43C" Name="Whitelist Onedrive APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftSkydrive" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="178B0D68-3498-40CE-A0C3-295C6B3DA169" Name="Whitelist OneNote" Description="Allow Admins to run onenote." UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.OneNote" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="673914E4-D73A-405D-8DCF-173E36EA6722" Name="Whitelist GetStarted" Description="Allow Admins to run onenote." UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Getstarted" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="4546BD28-69B6-4175-A44C-33197D48F658" Name="Whitelist Outlook Calendar" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="7B843572-E1AD-45E6-A1F2-C551C70E4A34" Name="Whitelist Outlook Mail" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="microsoft.windowscommunicationsapps" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="E5A1CD1A-8C23-41E4-AACF-BF82FCE775A5" Name="Whitelist Photos" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Photos" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="0A194DD1-B25B-4512-8AFC-6F560D0EC205" Name="Whitelist PodCasts" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MSPodcast" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="F5D27860-0238-4D1A-8011-9B8B263C3A33" Name="Whitelist SkypeApp" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="*" ProductName="Microsoft.SkypeApp" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="B8BBC965-EC6D-4C16-AC68-C5F0090CB703" Name="Whitelist Store" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsStore" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="6031E1E7-A659-4B3D-87FB-3CB4C900F9D2" Name="Whitelist Sports" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingSports" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="A6D61B56-7CF7-4E95-953C-3A5913309B4E" Name="Whitelist Wallet" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MicrosoftWallet" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="A2C44744-0627-4A52-937E-E3EC1ED476E0" Name="Whitelist Weather" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BingWeather" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="D79978B4-EFAE-4458-8FE1-0F13B5CE6764" Name="Whitelist Xbox" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxApp" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="395713B9-DD39-4741-8AB3-63D0A0DCA2B0" Name="Whitelist Xbox Identity Provider" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.XboxIdentityProvider" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="7565A8BB-D50B-4237-A9E9-B0997B36BDF9" Name="Whitelist Voice recorder" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsSoundRecorder" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="409A286E-8C3D-48AB-9D7C-3225A48B30C9" Name="Whitelist Word" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.Word" BinaryName="*" /&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="F72A5DA6-CA6A-4E7F-A350-AC9FACAB47DB" Name="Whitelist Excel" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.Excel" BinaryName="*" /&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="169B3498-2A73-4D5C-8AFB-A0DE2908A07D" Name="Whitelist PowerPoint" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
        &lt;Conditions&gt;
            &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Office.PowerPoint" BinaryName="*" /&gt;
        &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="A483B662-3538-4D70-98A7-1312D51A0DB9" Name="Whitelist Contact Support" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Windows.ContactSupport" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="EAB1CEDC-DD8A-4311-9146-27A3C689DEAF" Name="Whitelist Cortana" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.Cortana" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="01CD8E68-666B-4DE6-8849-7CE4F0C37CA8" Name="Whitelist Storage" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA564D" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="15D9AD89-58BC-458E-9B96-3A18DA63AC3E" Name="Whitelist Groove Music" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.ZuneMusic" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="E2B71B03-D759-4AE2-8526-E1A0CE2801DE" Name="Whitelist Windows Feedback" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.WindowsFeedback" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="E7A30489-A20B-44C3-91A8-19D9F61A8B5B" Name="Whitelist Messaging and Messaging Video" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Messaging" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="D2A16D0C-8CC0-4C3A-9FB5-C1DB1B380CED" Name="Whitelist Phone splash" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
    &lt;FilePublisherCondition PublisherName="*" ProductName="5B04B775-356B-4AA0-AAF8-6491FFEA5611" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="2A355478-7449-43CB-908A-A378AA59FBB9" Name="Whitelist Phone APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.CommsPhone" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="89441630-7F1C-439B-8FFD-0BEEFF400C9B" Name="Whitelist Connect APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.DevicesFlow" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="E8AF01B5-7039-44F4-8072-6A6CC71EDF2E" Name="Whitelist Miracast APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="906BEEDA-B7E6-4DDC-BA8D-AD5031223EF9" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="DA02425B-0291-4A10-BE7E-B9C7922F4EDF" Name="Whitelist Print Dialog APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.PrintDialog" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="42919A05-347B-4A5F-ACB2-73710A2E6203" Name="Whitelist Block and Filter APP" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.BlockandFilterglobal" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="6F3D8885-C15E-4D7E-8E1F-F2A560C08F9E" Name="Whitelist MSFacebook" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.MSFacebook" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

    &lt;FilePublisherRule Id="5168A5C3-5DC9-46C1-87C0-65A9DE1B4D18" Name="Whitelist Advanced Info" Description="Allow Admins" UserOrGroupSid="S-1-1-0" Action="Allow"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="*" ProductName="B6E3E590-9FA5-40C0-86AC-EF475DE98E88" BinaryName="*" /&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;

&lt;/RuleCollection&gt;
        </Data>
      </Item>
    </Replace>
    <Final/>
  </SyncBody>
</SyncML>

The following example for Windows 10, version 1607 denies known unenlightened Microsoft apps from accessing enterprise data as an allowed app. (An administrator might still use an exempt rule, instead.) This ensures an administrator does not accidentally make these apps Windows Information Protection allowed, and avoid known compatibility issues related to automatic file encryption with these applications.

In this example, Contoso is the node name. We recommend using a GUID for this node.

<?xml version="1.0" encoding="utf-8"?>
<SyncML>
  <SyncBody>
    <Add>
      <CmdID>1</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Contoso</LocURI>
        </Target>
      </Item>
    </Add>
    <Add>
      <CmdID>2</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Contoso/EXE</LocURI>
        </Target>
      </Item>
    </Add>
    <Replace>
      <CmdID>3</CmdID>
      <Item>
        <Target>
          <LocURI>./Vendor/MSFT/AppLocker/EnterpriseDataProtection/Contoso/EXE/Policy</LocURI>
        </Target>
        <Meta>
          <Format xmlns="syncml:metinf">chr</Format>
        </Meta>
        <Data>
  &lt;RuleCollection Type="Exe" EnforcementMode="Enabled"&gt;
    &lt;FilePublisherRule Id="b005eade-a5ee-4f5a-be45-d08fa557a4b2" Name="MICROSOFT OFFICE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE" BinaryName="*"&gt;
          &lt;BinaryVersionRange LowSection="*" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;
    &lt;FilePublisherRule Id="de9f3461-6856-405d-9624-a80ca701f6cb" Name="MICROSOFT OFFICE 2003, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2003" BinaryName="*"&gt;
          &lt;BinaryVersionRange LowSection="*" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;
    &lt;FilePublisherRule Id="ade1b828-7055-47fc-99bc-432cf7d1209e" Name="2007 MICROSOFT OFFICE SYSTEM, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="2007 MICROSOFT OFFICE SYSTEM" BinaryName="*"&gt;
          &lt;BinaryVersionRange LowSection="*" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;
    &lt;FilePublisherRule Id="f6a075b5-a5b5-4654-abd6-731dacb40d95" Name="MICROSOFT OFFICE ONENOTE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE ONENOTE" BinaryName="*"&gt;
          &lt;BinaryVersionRange LowSection="*" HighSection="12.0.9999.9999" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;
    &lt;FilePublisherRule Id="0ec03b2f-e9a4-4743-ae60-6d29886cf6ae" Name="MICROSOFT OFFICE OUTLOOK, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE OUTLOOK" BinaryName="*"&gt;
          &lt;BinaryVersionRange LowSection="*" HighSection="12.0.9999.9999" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;
    &lt;FilePublisherRule Id="7b272efd-4105-4fb7-9d40-bfa597c6792a" Name="MICROSOFT OFFICE 2013, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2013" BinaryName="*"&gt;
          &lt;BinaryVersionRange LowSection="*" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Conditions&gt;
    &lt;/FilePublisherRule&gt;
    &lt;FilePublisherRule Id="89d8a4d3-f9e3-423a-92ae-86e7333e2662" Name="MICROSOFT ONENOTE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONENOTE" BinaryName="*"&gt;
          &lt;BinaryVersionRange LowSection="*" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Conditions&gt;
      &lt;Exceptions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONENOTE" BinaryName="ONENOTE.EXE"&gt;
          &lt;BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Exceptions&gt;
    &lt;/FilePublisherRule&gt;
    &lt;FilePublisherRule Id="5a2138bd-8042-4ec5-95b4-f990666fbf61" Name="MICROSOFT OUTLOOK, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OUTLOOK" BinaryName="*"&gt;
          &lt;BinaryVersionRange LowSection="*" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Conditions&gt;
      &lt;Exceptions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OUTLOOK" BinaryName="OUTLOOK.EXE"&gt;
          &lt;BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Exceptions&gt;
    &lt;/FilePublisherRule&gt;
    &lt;FilePublisherRule Id="3fc5f9c5-f180-435b-838f-2960106a3860" Name="MICROSOFT ONEDRIVE, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONEDRIVE" BinaryName="*"&gt;
          &lt;BinaryVersionRange LowSection="*" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Conditions&gt;
      &lt;Exceptions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT ONEDRIVE" BinaryName="ONEDRIVE.EXE"&gt;
          &lt;BinaryVersionRange LowSection="17.3.6386.0412" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Exceptions&gt;
    &lt;/FilePublisherRule&gt;
    &lt;FilePublisherRule Id="17d988ef-073e-4d92-b4bf-f477b2ecccb5" Name="MICROSOFT OFFICE 2016, from O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" Description="" UserOrGroupSid="S-1-1-0" Action="Deny"&gt;
      &lt;Conditions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="*"&gt;
          &lt;BinaryVersionRange LowSection="*" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Conditions&gt;
      &lt;Exceptions&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="LYNC.EXE"&gt;
          &lt;BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="LYNC99.EXE"&gt;
          &lt;BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="UCMAPI.EXE"&gt;
          &lt;BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="OCPUBMGR.EXE"&gt;
          &lt;BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="WINWORD.EXE"&gt;
          &lt;BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="EXCEL.EXE"&gt;
          &lt;BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="POWERPNT.EXE"&gt;
          &lt;BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
        &lt;FilePublisherCondition PublisherName="O=MICROSOFT CORPORATION, L=REDMOND, S=WASHINGTON, C=US" ProductName="MICROSOFT OFFICE 2016" BinaryName="MSOSYNC.EXE"&gt;
          &lt;BinaryVersionRange LowSection="16.0.7500.0000" HighSection="*" /&gt;
        &lt;/FilePublisherCondition&gt;
      &lt;/Exceptions&gt;
    &lt;/FilePublisherRule&gt;
  &lt;/RuleCollection&gt;
        </Data>
      </Item>
    </Replace>
    <Final/>
  </SyncBody>
</SyncML>

Configuration service provider reference

© 2017 Microsoft