⚠️ #MIcrosoftServiceHealth #Advisory MO497128: For everyone who lost the use of their #MicrostfOffice desktop apps today, it's because of an issue that Microsoft is dealing with, related directly to #Defender #AttackSurfaceReduction, or #ASR rules. Specifically: "Block Win32 API calls from Office Macros" with ID 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b.

#Hotfix:
Admins can put the ASR rule into #Audit Mode to avoid further impact. Please note that you may need to re-enable the rule once the issue has been fully resolved. This can be done through one of the following methods:

- Using Powershell: Add-MpPreference -AttackSurfaceReductionRules_Ids 92e97fa1-2edf-4476-bdd6-9dd0b4dddc7b -AttackSurfaceReductionRules_Actions AuditMode

- Using Intune: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#mem

- Using Group Policy: https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#group-policy

#TheMoreYouKnow #SysAdmins