List of enlightened Microsoft apps for use with Windows Information Protection (WIP)
Applies to:
- Windows 10, version 1607 and later
Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list.
Enlightened versus unenlightened apps
Apps can be enlightened or unenlightened:
Enlightened apps can differentiate between corporate and personal data, correctly determining which to protect, based on your policies.
Unenlightened apps consider all data corporate and encrypt everything. Typically, you can tell an unenlightened app because:
Windows Desktop shows it as always running in enterprise mode.
Windows Save As experiences only allow you to save your files as enterprise.
Windows Information Protection-work only apps are unenlightened line-of-business apps that have been tested and deemed safe for use in an enterprise with WIP and Mobile App Management (MAM) solutions without device enrollment. Unenlightened apps that are targeted by WIP without enrollment run under personal mode.
List of enlightened Microsoft apps
Microsoft has made a concerted effort to enlighten several of our more popular apps, including the following:
Microsoft 3D Viewer
Microsoft Edge
Internet Explorer 11
Microsoft People
Mobile Office apps, including Word, Excel, PowerPoint, OneNote, and Outlook Mail and Calendar
Microsoft 365 Apps for enterprise apps, including Word, Excel, PowerPoint, OneNote, and Outlook
OneDrive app
OneDrive sync client (OneDrive.exe, the next generation sync client)
Microsoft Photos
Groove Music
Notepad
Microsoft Paint
Microsoft Movies & TV
Microsoft Messaging
Microsoft Remote Desktop
Microsoft To Do
Note
Microsoft Visio, Microsoft Office Access, Microsoft Project, and Microsoft Publisher are not enlightened apps and need to be exempted from Windows Information Protection policy. If they are allowed, there is a risk of data loss. For example, if a device is workplace-joined and managed and the user leaves the company, metadata files that the apps rely on remain encrypted and the apps stop functioning.
List of WIP-work only apps from Microsoft
Microsoft still has apps that are unenlightened, but which have been tested and deemed safe for use in an enterprise with Windows Information Protection and MAM solutions.
Skype for Business
Microsoft Teams (build 1.3.00.12058 and later)
Adding enlightened Microsoft apps to the allowed apps list
Note
As of January 2019 it is no longer necessary to add Intune Company Portal as an exempt app since it is now included in the default list of protected apps.
You can add any or all of the enlightened Microsoft apps to your allowed apps list. Included here is the Publisher name, Product or File name, and App Type info for both Microsoft Intune and Microsoft Configuration Manager.
| Product name | App info |
|---|---|
| Microsoft 3D Viewer | Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: Microsoft.Microsoft3DViewer App Type: Universal app |
| Microsoft Edge | Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: Microsoft.MicrosoftEdge App Type: Universal app |
| Microsoft People | Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: Microsoft.People App Type: Universal app |
| Word Mobile | Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: Microsoft.Office.Word App Type: Universal app |
| Excel Mobile | Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: Microsoft.Office.Excel App Type: Universal app |
| PowerPoint Mobile | Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: Microsoft.Office.PowerPoint App Type: Universal app |
| OneNote | Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: Microsoft.Office.OneNote App Type: Universal app |
| Outlook Mail and Calendar | Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: microsoft.windowscommunicationsapps App Type: Universal app |
| Microsoft 365 Apps for enterprise and Office 2019 Professional Plus | Microsoft 365 Apps for enterprise and Office 2019 Professional Plus apps are set up as a suite. You must use the O365 ProPlus - Allow and Exempt AppLocker policy files (.zip files) to turn the suite on for Windows Information Protection. We don't recommend setting up Office by using individual paths or publisher rules. |
| Microsoft Photos | Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: Microsoft.Windows.Photos App Type: Universal app |
| Groove Music | Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: Microsoft.ZuneMusic App Type: Universal app |
| Microsoft Movies & TV | Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: Microsoft.ZuneVideo App Type: Universal app |
| Microsoft Messaging | Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: Microsoft.Messaging App Type: Universal app |
| IE11 | Publisher: O=Microsoft Corporation, L=Redmond, S=Washington, C=USBinary Name: iexplore.exe App Type: Desktop app |
| OneDrive Sync Client | Publisher: O=Microsoft Corporation, L=Redmond, S=Washington, C=USBinary Name: onedrive.exe App Type: Desktop app |
| OneDrive app | Publisher: CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: Microsoft.Microsoftskydrive Product Version:Product version: 17.21.0.0 (and later) App Type: Universal app |
| Notepad | Publisher: O=Microsoft Corporation, L=Redmond, S=Washington, C=USBinary Name: notepad.exe App Type: Desktop app |
| Microsoft Paint | Publisher: O=Microsoft Corporation, L=Redmond, S=Washington, C=USBinary Name: mspaint.exe App Type: Desktop app |
| Microsoft Remote Desktop | Publisher: O=Microsoft Corporation, L=Redmond, S=Washington, C=USBinary Name: mstsc.exe App Type: Desktop app |
| Microsoft MAPI Repair Tool | Publisher: O=Microsoft Corporation, L=Redmond, S=Washington, C=USBinary Name: fixmapi.exe App Type: Desktop app |
| Microsoft To Do | Publisher: O=Microsoft Corporation, L=Redmond, S=Washington, C=USProduct Name: Microsoft.Todos App Type: Store app |
Note
Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see Editing Windows IT professional documentation.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for