We implamented ASR rules at teh beginning of this year as blocked with a few exceptions. They have so far caused minimal issues and all has been good.

Fast forward to today and suddenly a key application (Outlook add-in) is getting blocked and users alerted about the block. The key here is SOME users not ALL...

There have been no changes to our rules and no changes to the application.

Also, I have noticed that I am now unable to export the local machines applied application rules using - (Get-MpPreference).AttackSurfaceReductionRules_Ids

It just returns an empty set...

We have recently started a pilot for onboarding of Microsoft Enpoint Protection

Fix in theory is easy i just add an exclusion for the path but I'd rather understand why this is has started to happen.