Advanced deployment of shortcuts to web apps with Microsoft Intune – Revamped

Advanced deployment of shortcuts to web apps with Microsoft Intune – Revamped

Back in 2018, I blogged about deploying web links to Windows 10 devices using a PowerShell Script solution in Intune. Because when admins use the web app deployment type in Intune, shortcuts are only created in the start menu with the default browser’s icon. The PowerShell solution I blogged about has added benefits compared to the built-in option in Intune, for example, it enables admins to place shortcuts on the desktop, in the startup folder and provides the option to use an icon of choice for the shortcut.

Community feedback

In the past years, there’s been a lot of comments and feedback on the PowerShell solution.

  • The PowerShell solution was designed to run in the context of the user. In some use cases, admins want to target the %ALLUSERSPROFILE% and %PUBLIC% desktop. The provided script needs modification and would not work for that scenario out-of-the-box.
  • If OneDrive Known Folder Move was in place, the shortcut would be created in the wrong location, because I assumed the desktop would always be at the $env:USERPROFILE\Desktop path instead of using the Environment.GetFolderPath method:[Environment]::GetFolderPath("Desktop") to check the desktop’s location.
  • Some admins using the PowerShell solution to deploy web links requested assistance in removing the shortcuts when they were no longer used in their organization.

With ~700 monthly page views for that blog post, it is the most popular post I’ve published so far. Based on your feedback and popularity, it’s time for a revamp!

Say hi to the Win32 app solution

I’ve rebuilt the PowerShell Script and wrapped it as a Win32 app. Benefits of the Win32 app, as opposed to the native PowerShell solution, are:

  • A shortcut can easily be installed as a required or available app, but also removed by assigning a shortcut to uninstall
  • When a shortcut is removed by a user, the Win32 App detection will detect that (syncs every hour) and places the shortcut back
  • The wrapped Win32 app supports parameters for the embedded PowerShell script in the install and uninstall commands. So you can use the prebuild Win32 app available on GitHub!

So what else is new to the Win32 app solution?

  • Can either run in System (for all users) or User (current user only) context. The script will check in which context it runs and creates shortcuts in either the user’s profile or public/all users start menu, desktop, and/or startup folder accordingly.
  • Support when the desktop is redirected with OneDrive Known Folder Move.
  • You can provide the URL where the icon is hosted in contrast to embedding an icon Base64 encoded in the PowerShell script solution.

How to deploy a web link using the Win32 app solution?

You can find a prepackaged .intunewin Win32 app, the source code and documentation on how to deploy the app on my GitHub

Let’s walk through the deployment

  1. Download the prepackaged .intunewin file, or use the IntuneWinAppUtil to wrap the source and create your package.
  2. Create a new Win32 app in Microsoft Intune and upload the package.
  3. Configure the install and uninstall commands to your needs, for example:
    Install command: PowerShell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "Add-WebApp.ps1" -ShortcutName "MyApps" -ShortcutUrl "" -ShortcutIconUrl "" -ShortcutInStartMenu "true" -ShortcutOnDesktop "true" -ShortcutInStartup "false"
  4. Uninstall command: PowerShell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "Remove-WebApp.ps1" -ShortcutName "MyApps"
  5. Select System context if you want to deploy the shortcut to all users that log on the device or User context to deploy it only in the user’s profile of those assigned.
  6. Configure the detection rules, depending on the context you run the app in:

    Detection when running in System context
    Rules format: Manually configure detection rules
    Rule type: File
    Path: %PROGRAMDATA%\Icons
    File: My Apps.ico
    Detection method: File or folder exists

    Rule type: File
    Path: %PUBLIC%\Desktop
    File: My Apps.lnk
    Detection method: File or folder exists

    Rule type: File
    Path: %PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs
    File: My Apps.lnk
    Detection method: File or folder exists

    Detection when running in User context
    Rules format: Manually configure detection rules
    Rule type: File
    Path: %APPDATA%\Icons
    File: My Apps.ico
    Detection method: File or folder exists

    Rule type: File
    Path: %ONEDRIVE%\Desktop if using OneDrive KFM OR %USERPROFILE%\Desktop if not.
    File: My Apps.lnk
    Detection method: File or folder exists

    Rule type: File
    Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs
    File: My Apps.lnk
    Detection method: File or folder exists
  7. Assign it to your users or devices, review the summary, and create the app!


As with the PowerShell solution, the IntuneManagementExtension takes care of installing Win32 apps. As the end result is the same, I reused the gif from my old blog post below.

If you have any questions or feedback, please don’t hesitate to reach out to me using the comments section below or on Twitter @jseerden.

38 thoughts on “Advanced deployment of shortcuts to web apps with Microsoft Intune – Revamped

  1. Nice, this works really good! Only downside that i can think of is that we don’t have a choice of a preferred browser anymore. Which in some cases is necessary

    1. Hi Kevin,

      That’s true. No plans at the moment, but I might add the option to choose a browser to launch the app with in a future update.

      Best regards,


  2. Thanks for the epic script – I’ve tested it and it works as expected however would it be possible that it does not work properly on a non-english OS as it appears to be putting the shortcut in root C:\

    Any ideas?

  3. Thank you, this was just what I was looking for.

    Also, I guess the “%PROGRAMDATA%” under ‘Detection in User Context’ should be “%APPDATA%”?

  4. Great blog!
    I am trying to implement something similar, I would assume that I need to create a win32 app for each icon I would like to deploy?

  5. Hi John,
    After a bit of figuring out it was straight forward and worked like a charm.
    1 question, when the install is finished i get the notification it cant be installed, but the shortcut is present on desktop and start menu.
    In Intune i get error: 0x87D1041C

    Any idea how to fix it?

    1. Hi Dylan,

      Make sure to check the detection rules. They decide to present an installation success or failure.

      If the shortcut is present, but you are notified that it can’t be installed, then the detection rule is wrong.

      Best regards,


  6. Hi,

    Thanks for the script. I’m trying to figure out what syntax to use when i want to add several shortcuts. Could you help out please?

  7. Hi,

    First of all thank you for your work. This works partly for me but I run into some strange issues.

    I runned this either as user or system (with different values offcourse). Both scenarios make my default browser open the webpages assigned by the icon (even if I remove the icon + delete the need to install it via policy).

    Also I am getting that the installation of the app failed (while it installed).

    Any ideas?


    1. Hi Robby,

      Make sure ShortcutInStartup is set to “false”, not $false. Yes you read that right, “false”, not $false. I had some issues passing boolean values from the Intune install cmdlet to the PowerShell script, so it’s presented as a string value”. Make sure to check the example at

      Also, check the detection rules. They decide whether an app installation succeeds or fail.

      If the shortcut is present, but you are notified that it can’t be installed, then the detection rule is wrong.

      Best regards,


  8. Nick. Thanks for your effort to create this and share for us. I have a question for you.
    some reason even though with “ShortcutInStartup $false”, it still created a shortcut in the Startup and it keeps popping up while windows startup..
    I have applied exactly what you have instructed here.
    is this a bug or i didn’t something wrong?


  9. Dude this is awesome! Thank you SO MUCH! I have a question. If if download the raw files, and create my own .intunewin file, can I just point o the .ico file in the package or does it HAVE to be a URL?

    1. Hi Garth,

      Make sure you edit the script so the .ico in your .intunewin file is copied to the local PC, and point the script to the local path instead.

      Best regards,


  10. Maybe
    $Shortcut.WindowStyle = 3
    could be added to
    $Shortcut.TargetPath = $ShortcutUrl
    $Shortcut.WindowStyle = 3
    if ($ShortcutIconLocation) {
    $Shortcut.IconLocation = $ShortcutIconLocation
    so the shortcut is opend maximized.
    1 = normal
    7 = minimized

  11. Thank you for this! I am experiencing an odd behavior. I have the following set in the install command: “-ShortcutInStartMenu $false -ShortcutOnDesktop $true -ShortcutInStartup $false”. However, my icons are still being placed in the common startup folder as well as the desktop. That is causing Edge to open all of them up after the user logs in.

  12. Thanks John! Implemented this with ShortcutInStartup $false, but the script still installs the shortcut in de Startup folder. Have you heard this before? Any pointers to common mistakes?

  13. Good solution, but the shortcut opens when the PC restarts, make sure that I -ShortcutInStartup $false in the installation command.

  14. This is brilliant! How would you advice using a custom .ico file that’s not online? We have a web app and the devs have emailed us an .ico file but I’m not sure how to add this to your InTune script. Thanks.

    1. Hi Matt,

      I would deploy an Azure storage account and host it there myself. Another option is to embed the .ico in the Win32 app and copy it to the local machine, then reference the local file in the install cmdlet.

      Best regards,


  15. Hi John!

    This works now but still says failed? The detection rules are exactly like your example:
    Rule type: File
    Path: %ONEDRIVE%\Desktop if using OneDrive KFM
    File: My Apps.lnk
    Detection method: File or folder exists

    What else can I check for?

  16. I get this error…

    The application was not detected after installation completed successfully (0x87D1041C)

  17. Hi John, thank you very much for this post.
    One questio, how do I change the ShortcutIconLocation to a png file?
    Can I use the win32 package for that?

  18. Hey Everyone,

    In case this helps anyone in the future, I took the old version that was chrome specific, merged a couple lines into the 2.0 version to make the desktop shortcut launch Chrome.

    Added this to the top of the parameters section

    [string]$BrowserPath = “C:\Program Files (x86)\Google\Chrome\Application\chrome.exe”,

    Modified the System Context version of the desktop shortcut
    if ($ShortcutOnDesktop) {
    $Shortcut = $WScriptShell.CreateShortcut(“$env:PUBLIC\Desktop\$ShortcutName.lnk”)
    $Shortcut.TargetPath = $BrowserPath
    $Shortcut.Arguments = $ShortcutUrl
    if ($ShortcutIconLocation) {
    $Shortcut.IconLocation = $ShortcutIconLocation

    After that, seems to work great so far.

    PS-If using for MyApps, I’d recommend change the URL to*tenant domain* so that it skips a redirect from the old version and will do seamless sign-in if you have only one cached profile.

  19. -File “Add-WebApp.ps1” I dont understand this parameter in your install command.

    Can you help what it is referring to?

Leave a Reply

Your email address will not be published. Required fields are marked *