If one uses MS Office, it is good to use Defender's ASR rules and also block Add-in file extensions. ASR rules do not prevent malicious Add-ins. The problem is that running Add-ins often does not spawn child processes (similarly to loading DLLs).
MDA, ACCDA, ACCDU
XLA, XLAM, XLL
PA, PPA, PPAM
The attacks via Add-ins can be efficiently blocked (so far) by Defender's HIGH settings + SWH (H_C) on default settings. This happens because they use VBA (blocked by SWH / H_C on default settings) or LOLBins (blocked by ASR rules). But these attacks can, in theory, be more sophisticated, so it is better to block the Add-in extensions, especially with Defender on default settings. These extensions will be added to the default settings in the next versions of H_C and SWH.
Another solution is blocking all Add-ins in MS Office applications (this solution can cause problems).
The Add-ins mentioned by me work mostly like DLLs. The DLLs can be run via RunDLL32, Regsvr32, and similar LOLBins, but this would require access to the CmdLine or some exploit. On the contrary, Add-ins can be run by Access, Excel, Outlook, PowerPoint, and Word, when the user simply clicks on the Add-in file.
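A triage check built on the extension list above, as an added example that is not part of the original post and is not code from H_C or SWH: it flags Add-in files by name, including names padded with trailing dots or spaces, and looks inside ZIP archives for them. The function names and the sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import PureWindowsPath

# Extensions exactly as listed in the post.
ADDIN_EXTENSIONS = {"mda", "accda", "accdu", "xla", "xlam", "xll", "pa", "ppa", "ppam"}


def addin_extension(name):
    """Return the lower-cased add-in extension of a file name, or None."""
    base = PureWindowsPath(name.replace("/", "\\")).name
    # Win32 drops trailing dots and spaces, so "a.xll. " is opened as "a.xll".
    base = base.rstrip(". ")
    _, dot, ext = base.rpartition(".")
    ext = ext.lower()
    return ext if dot and ext in ADDIN_EXTENSIONS else None


def find_addins(name, data=b""):
    """List add-in hits for one file and, if it is a ZIP, for its members."""
    hits = [name] if addin_extension(name) else []
    # Skip files already reported: XLAM/PPAM are ZIP containers themselves.
    if not hits and data and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            hits += [f"{name}!{m}" for m in archive.namelist() if addin_extension(m)]
    return hits


def constructed_sample_zip():
    """Build a constructed (not real-world) archive in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("docs/readme.txt", "placeholder")
        archive.writestr("tools/Report.XLAM", "placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for item in ("Budget.XLL", "budget.xll. ", "report.xlsx"):
        print(item, "->", addin_extension(item))
    print(find_addins("bundle.zip", constructed_sample_zip()))
```

A name-based check like this complements extension blocking on the endpoint; it does not inspect file content, so a renamed Add-in is out of its scope.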