Most of the users are reporting that their Desktop shortcuts and Pinned Icons are not working any more. When users click on the Pinned Icons they receive a pop-up message “This file does not have an app associated with it for performing this action. Please install an app or, if one is already installed, create an association in the Default Apps Settings page.“
- There was an update KB5022282 was installed which was released on 1/10/2023.
- Also Microsoft defender definitions were updated. Definitions version 1.1381.2140.0.
- Checked in the Event Viewer -> Windows Defender folder – Found Event ID – 1121 (Microsoft Defender Exploit Guard has blocked an operation that is not allowed by your IT administrator)
I confirmed with Microsoft and they suggested that recent Microsoft defender definitions may have caused this issue. Therefore, tried to roll back the Microsoft defender definitions using below steps but this did not fix the issue.
How to check Microsoft Defender definitions version information
To check the version of Microsof defender definitions, Please follow below steps:
- Go to Start🪟 -> Search for Windows Security.
- Click on Settings⚙️ on the bottom left of the page.
- Click on About link.
Solutions I tried
We have applied two fixes till now which has not fixed this problem.
- We have changed Block Win32 API calls from Office macros policy in Attack surface reduction to Audit mode from Block mode. Microsoft has also suggested this to place the ASR policy in audit mode. Please note that changing this setting in ASR policy will take couple of hours to propagate down to the users devices.
- Rolled back the Defender definitions using
If you want to check / test roll back of Microsoft defender definitions on users devices then you can use below scripts. I have provided both batch file and powershell file as well.
How to Roll back Microsoft Defender definitions using Intune
Create a powershell script file, call it any name you like. e.g. MP.ps1 and paste below code:
Clear-Host Set-Location "C:\Program Files\Windows Defender" .\mpcmdrun.exe -Removedefinitions
- Login on Microsoft Endpoint Manager admin center.
- Go to Devices -> Scripts.
- Click on Add and then add below MP.ps1 and assign it to a group containing devices.
- Recommended to test on one or two devices first before rolling out.
How to Roll back Microsoft Defender definitions using a Batch file
I have also tested a batch file to roll back Microsoft defender definitions to previous stable version. You can copy below code in a file with .bat extension and run it from command prompt as an administrator.
- Go to Start🪟-> Type Run to open a Run box.
- Search for Command prompt app.
- Right click on Command Prompt app and select run as administrator.
- Paste below lines of code on command Prompt or you can copy the code in a bat file and run bat file from command prompt.
@ECHO OFF SET MPPATH="C:\Program Files\Windows Defender\" CD %MPPATH% START MpCmdRun.exe -RemoveDefinitions
Workaround I used
As the desktops shortcuts and Pinned items are not working, the applications are still installed on user’s devices. Therefore, a workaround has been provided to go to the Installation folder of the applications and launch the applications from that location directly.
You can find most of the Installed apps in C:\program files or C:\program files (x86) folder, just search for the Application folder and find the application and launch it from that location till the original issue is rectified.
Alternatively, you can launch all the apps directly using below steps;
- Type Windows🪟 + R to open run box.
- Type below command in the run box to open the apps:.
- For example, to launch Outlook, type outlook in the Run box and press enter.
Similarly for other apps. You can type below key words to open the apps directly via run box:
- Word Application – winword
- Excel Application – Excel
- OneNote – onenote
- Google Chrome – chrome
|Office 365 App||C:\Program Files\Microsoft Office\root\Office16|
Search for excel.exe for Excel App
Search for winword.exe for Word App
Search for Powerpnt.exe for Powerpoint app
Search for Outlook.exe for Outlook App
|Zoom App||C:\Program Files\Zoom\bin\Zoom.exe|
|Microsoft Edge||C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe |
Or C:\Program Files\Microsoft\Edge\Application\msedge.exe
Status of Permanent Fix
I checked with Microsoft to find a permanent fix for this issue but it seems that the issue is faced by a lot of organizations and Microsoft is working on to provide a permanent fix for this issue.
You can check the status of this issue from Microsoft 365 admin center:
- Login on Microsoft 365 admin center.
- go to Health -> Service Health.
- Find the Incident number SI MO497128 and monitor the updates on this issue.
- You can also check the status from https://twitter.com/MSFT365Status twitter page.
How to Create Desktop Shortcuts on users devices
You can either use a batch script and deploy it on user’s device either via Active directory group policy or if you are using Intune then you can also create a script and deploy using Intune. Please follow below blog post which provides more information about How you can easily create desktop shortcuts on user’s devices.
As there is no permanent fix for this issue yet, you can use the workaround so that users can continue to use the applications and their work is not interrupted. Microsoft is working on this issue and I hope we will get update on this soon. You can monitor the status of this issue using Microsoft 365 admin center or via MSFT365Status Twitter page.