Advanced deployment of shortcuts to web apps with Microsoft Intune – Revamped

Advanced deployment of shortcuts to web apps with Microsoft Intune – Revamped

Back in 2018, I blogged about deploying web links to Windows 10 devices using a PowerShell Script solution in Intune. Because when admins use the web app deployment type in Intune, shortcuts are only created in the start menu with the default browser’s icon. The PowerShell solution I blogged about has added benefits compared to the built-in option in Intune, for example, it enables admins to place shortcuts on the desktop, in the startup folder and provides the option to use an icon of choice for the shortcut.

Community feedback

In the past years, there’s been a lot of comments and feedback on the PowerShell solution.

  • The PowerShell solution was designed to run in the context of the user. In some use cases, admins want to target the %ALLUSERSPROFILE% and %PUBLIC% desktop. The provided script needs modification and would not work for that scenario out-of-the-box.
  • If OneDrive Known Folder Move was in place, the shortcut would be created in the wrong location, because I assumed the desktop would always be at the $env:USERPROFILE\Desktop path instead of using the Environment.GetFolderPath method:[Environment]::GetFolderPath("Desktop") to check the desktop’s location.
  • Some admins using the PowerShell solution to deploy web links requested assistance in removing the shortcuts when they were no longer used in their organization.

With ~700 monthly page views for that blog post, it is the most popular post I’ve published so far. Based on your feedback and popularity, it’s time for a revamp!

Say hi to the Win32 app solution

I’ve rebuilt the PowerShell Script and wrapped it as a Win32 app. Benefits of the Win32 app, as opposed to the native PowerShell solution, are:

  • A shortcut can easily be installed as a required or available app, but also removed by assigning a shortcut to uninstall
  • When a shortcut is removed by a user, the Win32 App detection will detect that (syncs every hour) and places the shortcut back
  • The wrapped Win32 app supports parameters for the embedded PowerShell script in the install and uninstall commands. So you can use the prebuild Win32 app available on GitHub!

So what else is new to the Win32 app solution?

  • Can either run in System (for all users) or User (current user only) context. The script will check in which context it runs and creates shortcuts in either the user’s profile or public/all users start menu, desktop, and/or startup folder accordingly.
  • Support when the desktop is redirected with OneDrive Known Folder Move.
  • You can provide the URL where the icon is hosted in contrast to embedding an icon Base64 encoded in the PowerShell script solution.

How to deploy a web link using the Win32 app solution?

You can find a prepackaged .intunewin Win32 app, the source code and documentation on how to deploy the app on my GitHubhttps://github.com/jseerden/Win32IntuneWebApp

Let’s walk through the deployment

  1. Download the prepackaged .intunewin file, or use the IntuneWinAppUtil to wrap the source and create your package.
  2. Create a new Win32 app in Microsoft Intune and upload the package.
  3. Configure the install and uninstall commands to your needs, for example:
    Install command: PowerShell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "Add-WebApp.ps1" -ShortcutName "MyApps" -ShortcutUrl "https://myapps.microsoft.com" -ShortcutIconUrl "https://myintuneiconstorage.blob.core.windows.net/icons/microsoft-myapps.ico" -ShortcutInStartMenu $true -ShortcutOnDesktop $true -ShortcutInStartup $false
  4. Uninstall command: PowerShell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File "Remove-WebApp.ps1" -ShortcutName "MyApps"
  5. Select System context if you want to deploy the shortcut to all users that log on the device or User context to deploy it only in the user’s profile of those assigned.
  6. Configure the detection rules, depending on the context you run the app in:

    Detection when running in System context
    Rules format: Manually configure detection rules
    Rule type: File
    Path: %PROGRAMDATA%\Icons
    File: My Apps.ico
    Detection method: File or folder exists

    Rule type: File
    Path: %PUBLIC%\Desktop
    File: My Apps.lnk
    Detection method: File or folder exists

    Rule type: File
    Path: %PROGRAMDATA%\Microsoft\Windows\Start Menu\Programs
    File: My Apps.lnk
    Detection method: File or folder exists

    Detection when running in User context
    Rules format: Manually configure detection rules
    Rule type: File
    Path: %APPDATA%\Icons
    File: My Apps.ico
    Detection method: File or folder exists

    Rule type: File
    Path: %ONEDRIVE%\Desktop if using OneDrive KFM OR %USERPROFILE%\Desktop if not.
    File: My Apps.lnk
    Detection method: File or folder exists

    Rule type: File
    Path: %APPDATA%\Microsoft\Windows\Start Menu\Programs
    File: My Apps.lnk
    Detection method: File or folder exists
  7. Assign it to your users or devices, review the summary, and create the app!

Results

As with the PowerShell solution, the IntuneManagementExtension takes care of installing Win32 apps. As the end result is the same, I reused the gif from my old blog post below.

If you have any questions or feedback, please don’t hesitate to reach out to me using the comments section below or on Twitter @jseerden.

8 thoughts on “Advanced deployment of shortcuts to web apps with Microsoft Intune – Revamped

  1. Nice, this works really good! Only downside that i can think of is that we don’t have a choice of a preferred browser anymore. Which in some cases is necessary

  2. Thanks for the epic script – I’ve tested it and it works as expected however would it be possible that it does not work properly on a non-english OS as it appears to be putting the shortcut in root C:\

    Any ideas?

  3. Thank you, this was just what I was looking for.

    Also, I guess the “%PROGRAMDATA%” under ‘Detection in User Context’ should be “%APPDATA%”?

Leave a Reply

Your email address will not be published. Required fields are marked *