Implementing Australian Essential Eight Application Control via Windows Defender Application Control

Portsman 6 Reputation points
2022-02-21T00:48:09.667+00:00

Australian Government recommends implementation of Application Control specifically:

The execution of executables, software libraries, scripts, installers, compiled HTML, HTML applications and control panel applets is prevented on workstations from within standard user profiles and temporary folders used by the operating system, web browsers and email clients.

They recommend using WDAC as a method to achieve this. I am really struggling though to simply put in place this relatively simple requirement.

WDAC Wizard does not appear to support any wildcards or variables for folder path rules, so how can I simply do something like %localappdata%\ ?

I have deployed a WDAC Wizard-created policy in audit mode which specified only Microsoft executables, but after applying it other software runs and nothing is logged in CodeIntegrity\Operational as advised it should be when auditing?

Can someone just read the above and tell me what path rules to add that will actually be accepted and apply to block under user profiles and the temp folders? How can I tell if a policy is actually being applied? It seems like it should be so simple, and I'm already hours in and nowhere.
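As an added example (not part of the question and not Microsoft's documentation), the following builds a WDAC policy with path rules that the ConfigCI module accepts and then checks the CodeIntegrity log to see whether the policy is active. WDAC is an allowlist, so user-profile and temp folders are blocked by not being allowed rather than by a deny rule for %localappdata%. It assumes an elevated PowerShell on Windows 10 1903 or later (file path rules need user-mode code integrity) and a constructed output path under ProgramData.

```powershell
# Added example: WDAC path rules via the ConfigCI module, plus a policy-activation check.
# Assumes Windows 10 1903+ and an elevated session; the output folder is a constructed choice.
Import-Module ConfigCI

# WDAC allows only what a rule names; everything else is denied. Only admin-protected
# paths are accepted as allow rules (runtime filepath rule protection), so nothing under
# C:\Users\*\AppData or the temp folders is allowed and is therefore blocked.
# Wildcards: a single trailing '*', plus the %OSDRIVE%, %WINDIR% and %SYSTEM32% macros.
$rules = @()
$rules += New-CIPolicyRule -FilePathRule '%WINDIR%\*'
$rules += New-CIPolicyRule -FilePathRule '%OSDRIVE%\Program Files\*'
$rules += New-CIPolicyRule -FilePathRule '%OSDRIVE%\Program Files (x86)\*'

$xml = "$env:ProgramData\WDAC\E8-AppControl.xml"   # constructed location
New-Item -ItemType Directory -Path (Split-Path $xml) -Force | Out-Null
# -UserPEs makes the policy cover user-mode code; without it only drivers are controlled
New-CIPolicy -FilePath $xml -Rules $rules -UserPEs -MultiplePolicyFormat

Set-RuleOption -FilePath $xml -Option 0   # Enabled: UMCI (required for path rules)
Set-RuleOption -FilePath $xml -Option 3   # Enabled: Audit Mode (remove with -Delete to enforce)
Set-RuleOption -FilePath $xml -Option 6   # Enabled: Unsigned System Integrity Policy

# Multiple-policy-format binaries are deployed as {PolicyID}.cip in the Active folder
$policyId = ([xml](Get-Content $xml)).SiPolicy.PolicyID
$cip = "$env:windir\System32\CodeIntegrity\CiPolicies\Active\$policyId.cip"
ConvertFrom-CIPolicy -XmlFilePath $xml -BinaryFilePath $cip
# A reboot activates the policy.

# Verify it is applied: 3099 = policy activated at boot, 3076 = would have been
# blocked (audit mode), 3077 = blocked (enforced). No 3099 means the policy never loaded,
# which is why an audit policy can appear to do nothing.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-CodeIntegrity/Operational'
    Id      = 3076, 3077, 3099
} -MaxEvents 50 | Format-Table TimeCreated, Id, Message -Wrap
```

Audit events are only written for files that no rule allows, so a test binary run from a user profile or temp folder should produce a 3076 entry once a 3099 event confirms the policy is active.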
