MS Defender signature update major bug in conjunction with Attack Surface Reduction for M365 kills all app links – MO497128

Update! Microsoft release a script that fixes 33 apps, along with instructions how to deploy it via Intune or… Endpoint Manager or whatever is the name of it this week… Better than nothing I suppose.

Friday the 13th! You enter the office and your helpdesk tells you that the links for the Office applications disappeared from some users. As a proper SysAdmin (AKA BOFH), you dismiss the incident and continue with your planned tasks. After a while you get people calling you that I have no Outlook any more….help! You decide to investigate a bit more and you find out that the MS Defender ASR killed all the .lnk files.

Rule: Block Win32 API calls from Office macro

It seems that a signature update for MS Defender has created this mess and still no word from Microsoft.

Only solution for the moment is a workaround to disable the Block Win32 API calls from Office macro

Bulk sync all devices (maximum 100 per time and you need to select them one by one) and recreate the links or run the office repair

“C:\Program Files\Microsoft Office 15\ClientX64\OfficeClicktoRun.exe” scenario=Repair platform=x64 culture=en-us DisplayLevel=True

Thank you Microsoft, have a nice weekend!

Leave a Reply

Your email address will not be published. Required fields are marked *